Hi, ammerman, thanks again for your help.
Computer running a little better, though still a little slow at times.
AntiVir picked up 7 viruses after a full scan! Results posted below, and what is the 'sharing meta data' that SysProt picked up? Anyway, all results posted below:
OTS Log:
All Processes Killed
[Win32 Services - Safe List]
Service AVRedirector stopped successfully!
Service AVRedirector deleted successfully!
File not found.
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_USERS\1-5-21-57929295-3719358328-2888033797-1003\SOFTWARE\Microsoft\Internet Explorer\Main not found.
Registry key HKEY_USERS\1-5-21-57929295-3719358328-2888033797-1003\SOFTWARE\Microsoft\Internet Explorer\Main not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\\torun.inf.vir not found.
D:\autorun.inf.vir moved successfully.
[Empty Temp Folders]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: Owner
->Temp folder emptied: 585038 bytes
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 4704231 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 22211584 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 26.35 mb
< End of fix log >
OTS by OldTimer - Version 3.0.12.1 fix logfile created on 09192009_225314
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
SysProt Log:
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No
Name: System
PID: 4
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\smss.exe
PID: 508
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\csrss.exe
PID: 592
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\winlogon.exe
PID: 616
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\services.exe
PID: 660
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\lsass.exe
PID: 672
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 832
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 888
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 956
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1020
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1132
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1268
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\sched.exe
PID: 1316
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1380
Hidden: No
Window Visible: No
Name: C:\WINDOWS\explorer.exe
PID: 1588
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PID: 1668
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PID: 1680
Hidden: No
Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1724
Hidden: No
Window Visible: No
Name: C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
PID: 1764
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 1792
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\alg.exe
PID: 1108
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wscntfy.exe
PID: 1140
Hidden: No
Window Visible: No
Name: C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
PID: 1176
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PID: 248
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\AOL\1209815663\ee\aolsoftware.exe
PID: 256
Hidden: No
Window Visible: No
Name: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
PID: 272
Hidden: No
Window Visible: No
Name: C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PID: 280
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 296
Hidden: No
Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 304
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PID: 372
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\rundll32.exe
PID: 1456
Hidden: No
Window Visible: No
Name: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PID: 1568
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 2064
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 2412
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wuauclt.exe
PID: 2496
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wuauclt.exe
PID: 2668
Hidden: No
Window Visible: No
Name: C:\Program Files\Avant Browser\avant.exe
PID: 2812
Hidden: No
Window Visible: No
Name: C:\Documents and Settings\Owner\Desktop\SysProt\SysProt\SysProt.exe
PID: 3744
Hidden: No
Window Visible: Yes
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: EB924000
Module End: EB92F000
Hidden: No
Module Name: \WINDOWS\system32\ntoskrnl.exe
Service Name: ---
Module Base: 804D7000
Module End: 806EB580
Hidden: No
Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806EC000
Module End: 8070C380
Hidden: No
Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7987000
Module End: F7989000
Hidden: No
Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7897000
Module End: F789A000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7438000
Module End: F7466000
Hidden: No
Module Name: \WINDOWS\System32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7989000
Module End: F798B000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7427000
Module End: F7438000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F7487000
Module End: F7490000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7A4F000
Module End: F7A50000
Hidden: No
Module Name: \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7707000
Module End: F770E000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F7497000
Module End: F74A2000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7408000
Module End: F7427000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F770F000
Module End: F7714000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F74A7000
Module End: F74B4000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F73F0000
Module End: F7408000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F74B7000
Module End: F74C0000
Hidden: No
Module Name: \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F74C7000
Module End: F74D4000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F73D0000
Module End: F73F0000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F73BE000
Module End: F73D0000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F73A7000
Module End: F73BE000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F731A000
Module End: F73A7000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F72ED000
Module End: F731A000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\SISAGPX.sys
Service Name: SISAGP
Module Base: F74D7000
Module End: F74E0000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\viaagp1.sys
Service Name: viaagp1
Module Base: F7717000
Module End: F771E000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F74E7000
Module End: F74F6000
Hidden: No
Module Name: \WINDOWS\System32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F74F7000
Module End: F7504000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\nv_agp.sys
Service Name: nv_agp
Module Base: F771F000
Module End: F7725000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F72D2000
Module End: F72ED000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\agp440.sys
Service Name: agp440
Module Base: F7507000
Module End: F7512000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: F75A7000
Module End: F75B7000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F76D7000
Module End: F76E0000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: F713C000
Module End: F7274000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F7128000
Module End: F713C000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F77CF000
Module End: F77D4000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F7105000
Module End: F7128000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F77D7000
Module End: F77DE000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\delta.sys
Service Name: DELTA
Module Base: F70BB000
Module End: F7105000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\portcls.sys
Service Name: ---
Module Base: F7097000
Module End: F70BB000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\drmk.sys
Service Name: ---
Module Base: F76E7000
Module End: F76F6000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ks.sys
Service Name: ---
Module Base: F7074000
Module End: F7097000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys
Service Name: HSFHWBS2
Module Base: F7044000
Module End: F7074000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\HSF_DP.sys
Service Name: HSF_DP
Module Base: F6F40000
Module End: F7044000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys
Service Name: winachsf
Module Base: F6EA5000
Module End: F6F40000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F77DF000
Module End: F77E7000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\R8139n51.SYS
Service Name: rtl8139
Module Base: F76F7000
Module End: F7703000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F7537000
Module End: F7547000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: F793B000
Module End: F793F000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F6E91000
Module End: F6EA5000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F7547000
Module End: F7554000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\PS2.sys
Service Name: Ps2
Module Base: F793F000
Module End: F7943000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F77EF000
Module End: F77F5000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F77F7000
Module End: F77FD000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F7557000
Module End: F7562000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pfc.sys
Service Name: pfc
Module Base: F7943000
Module End: F7946000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\AFS2K.SYS
Service Name: AFS2K
Module Base: F7567000
Module End: F7570000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F7577000
Module End: F7584000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F7587000
Module End: F7596000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7B3E000
Module End: F7B3F000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F7597000
Module End: F75A4000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F794F000
Module End: F7952000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F6DDA000
Module End: F6DF1000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F75B7000
Module End: F75C2000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F75C7000
Module End: F75D3000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F77FF000
Module End: F7804000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F6DC9000
Module End: F6DDA000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F75D7000
Module End: F75E0000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F7807000
Module End: F780C000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F780F000
Module End: F7814000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\wanatw4.sys
Service Name: wanatw
Module Base: F7817000
Module End: F781D000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F75E7000
Module End: F75F1000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F79B3000
Module End: F79B5000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\update.sys
Service Name: Update
Module Base: F6D70000
Module End: F6DC9000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F795F000
Module End: F7963000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F75F7000
Module End: F7601000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F7607000
Module End: F7616000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F79BB000
Module End: F79BD000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: F781F000
Module End: F7824000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F79BD000
Module End: F79BF000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7AAF000
Module End: F7AB0000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F79BF000
Module End: F79C1000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F782F000
Module End: F7835000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F79C1000
Module End: F79C3000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F79C3000
Module End: F79C5000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F7837000
Module End: F783C000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F783F000
Module End: F7847000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F7284000
Module End: F7287000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: EC6B4000
Module End: EC6C7000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: EC65C000
Module End: EC6B4000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\MpFirewall.sys
Service Name: MPFIREWL
Module Base: F7637000
Module End: F7645000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: EC594000
Module End: EC5BC000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: EC572000
Module End: EC594000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F7647000
Module End: F7650000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Service Name: ssmdrv
Module Base: F7847000
Module End: F784D000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\srvkp.sys
Service Name: SiSkp
Module Base: F727C000
Module End: F727F000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: EC547000
Module End: EC572000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: EC4D8000
Module End: EC547000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F7677000
Module End: F7680000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: EC4B7000
Module End: EC4D8000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F7687000
Module End: F7690000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: F7697000
Module End: F76A6000
Hidden: No
Module Name: \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys
Service Name: SunkFilt
Module Base: F7857000
Module End: F785E000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: F785F000
Module End: F7866000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Service Name: avipbb
Module Base: EC473000
Module End: EC48F000
Hidden: No
Module Name: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Service Name: avgio
Module Base: F79C7000
Module End: F79C9000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: EC450000
Module End: EC473000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: EC438000
Module End: EC450000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F79CB000
Module End: F79CD000
Hidden: Yes
Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F6D50000
Module End: F6D53000
Hidden: No
Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F787F000
Module End: F7884000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7B64000
Module End: F7B65000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Service Name: avgntflt
Module Base: EBF0D000
Module End: EBF21000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: EBF41000
Module End: EBF45000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: EBCB1000
Module End: EBCDD000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: EBC74000
Module End: EBC89000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: EBFD9000
Module End: EBFE8000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: F7A3D000
Module End: F7A3F000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: EBC68000
Module End: EBC6B000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\srv.sys
Service Name: Srv
Module Base: EBABC000
Module End: EBB0E000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Service Name: IpFilterDriver
Module Base: EB904000
Module End: EB90D000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: EB57C000
Module End: EB58C000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: EB2A8000
Module End: EB2E9000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: EB115000
Module End: EB140000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: F77E7000
Module End: F77EE000
Hidden: No
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F7B4FC3E
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwCreateThread
Address: F7B4FC34
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwDeleteKey
Address: F7B4FC43
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwDeleteValueKey
Address: F7B4FC4D
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwLoadKey
Address: F7B4FC52
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwOpenProcess
Address: F7B4FC20
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwOpenThread
Address: F7B4FC25
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwReplaceKey
Address: F7B4FC5C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwRestoreKey
Address: F7B4FC57
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwSetValueKey
Address: F7B4FC48
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwTerminateProcess
Address: F7B4FC2F
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No IRP Hooks found
******************************************************************************************
******************************************************************************************
Ports:
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1207
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1206
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1205
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1204
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1203
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1202
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1201
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1200
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1199
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1198
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1197
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1196
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1195
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1194
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1193
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1192
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1191
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1190
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1189
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1188
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1187
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1186
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1185
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1184
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1183
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1182
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1181
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1180
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1179
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1178
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1177
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1176
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1175
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1174
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1173
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1172
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1171
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1170
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1169
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1168
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1167
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1166
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1165
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1164
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:2869
Remote Address: DSLDEVICE.LAN:1163
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:1164
Remote Address: 72.26.193.130:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:1147
Remote Address: WW-IN-F101.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:1140
Remote Address: 64.225.158.191:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:1129
Remote Address: WW-IN-F101.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: YOUR-G2ASVV4L2M.LAN:1056
Remote Address: HACKERWATCH.ORG:HTTP
Type: TCP
Process: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
State: ESTABLISHED
Local Address: YOUR-G2ASVV4L2M.LAN:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: YOUR-G2ASVV4L2M:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING
Local Address: YOUR-G2ASVV4L2M:1026
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING
Local Address: YOUR-G2ASVV4L2M:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
Local Address: YOUR-G2ASVV4L2M:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: YOUR-G2ASVV4L2M:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
Local Address: YOUR-G2ASVV4L2M.LAN:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: YOUR-G2ASVV4L2M.LAN:138
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: YOUR-G2ASVV4L2M.LAN:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: YOUR-G2ASVV4L2M.LAN:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: YOUR-G2ASVV4L2M:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: YOUR-G2ASVV4L2M:1061
Remote Address: NA
Type: UDP
Process: C:\Program Files\Avant Browser\avant.exe
State: NA
Local Address: YOUR-G2ASVV4L2M:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: YOUR-G2ASVV4L2M:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: YOUR-G2ASVV4L2M:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: YOUR-G2ASVV4L2M:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\<email address>\SharingMetadata\<email address>\DFSR\Staging\CS{30D24023-8990-D0DD-9257-7DCC82773327}\01\10-{30D24023-8990-D0DD-9257-7DCC82773327}-v
Status: Hidden
Object: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\<email address>\SharingMetadata\<email address>\DFSR\Staging\CS{30D24023-8990-D0DD-9257-7DCC82773327}\17\17-{863BAFB8-E7FF-4718-8616-AA517D56B43C}-v
Status: Hidden
Object: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\<email address>\SharingMetadata\<email address>\DFSR\Staging\CS{30D24023-8990-D0DD-9257-7DCC82773327}\18\18-{863BAFB8-E7FF-4718-8616-AA517D56B43C}-v
Status: Hidden
Object: C:\Program Files\IObit\IObit SmartDefrag\language\Lietuviu.lng
Status: Hidden
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: C:\System Volume Information\tracking.log
Status: Access denied
Object: C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}
Status: Access denied
AntiVir Log:
Avira AntiVir Personal
Report file date: 19 September 2009 23:06
Scanning for 1562564 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-G2ASVV4L2M
Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 29/07/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/07/2009 13:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 10:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 11:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 10:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 12:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 09:21:42
ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 19/07/2009 22:08:01
ANTIVIR3.VDF : 7.1.5.19 139776 Bytes 23/07/2009 07:36:13
Engineversion : 8.2.0.228
AEVDF.DLL : 8.1.1.1 106868 Bytes 28/07/2009 13:31:50
AESCRIPT.DLL : 8.1.2.18 442746 Bytes 23/07/2009 09:59:39
AESCN.DLL : 8.1.2.4 127348 Bytes 23/07/2009 09:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 23/07/2009 09:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 28/07/2009 13:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/07/2009 09:59:39
AEHEUR.DLL : 8.1.0.143 1864055 Bytes 23/07/2009 09:59:39
AEHELP.DLL : 8.1.5.3 233846 Bytes 23/07/2009 09:59:39
AEGEN.DLL : 8.1.1.50 352629 Bytes 23/07/2009 09:59:39
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 14:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 23/07/2009 09:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 14:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 10:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 14:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 10:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 15:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 10:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 08:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 10:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 15:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 10:19:48
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,
Start of the scan: 19 September 2009 23:06
Starting search for hidden objects.
'50114' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'SysProt.exe' - '1' Module(s) have been scanned
Scan process 'avant.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'MpfTray.exe' - '1' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'MpfAgent.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MpfService.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '58' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Owner\My Documents\Downloads\HIDE%2520MY%2520IP%25202009%2520(latest).rar
[0] Archive type: RAR
--> HIDE MY IP 2009 (latest)\Hide My Ip 2009.EXE
[1] Archive type: RSRC
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\Suite\comps\acscore.exe
[0] Archive type: NSIS
--> [PluginsDir]/utility.dll
[DETECTION] Is the TR/StartPage.bah.2 Trojan
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\Suite\comps\acslang.exe
[0] Archive type: NSIS
--> [PluginsDir]/utility.dll
[DETECTION] Is the TR/StartPage.bah.1 Trojan
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\Suite\comps\acslang_uk.exe
[0] Archive type: NSIS
--> [PluginsDir]/utility.dll
[DETECTION] Is the TR/StartPage.bah.1 Trojan
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\UK\ACSLAN~1.EXE
[0] Archive type: NSIS
--> [PluginsDir]/utility.dll
[DETECTION] Is the TR/StartPage.bah.1 Trojan
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP50\A0044038.exe
[DETECTION] Contains recognition pattern of the DR/PSW.Cain.284.57 dropper
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP51\A0046110.rbf
[DETECTION] Is the TR/Spy.Gen Trojan
Begin scan in 'D:\' <HP_RECOVERY>
Beginning disinfection:
C:\Documents and Settings\Owner\My Documents\Downloads\HIDE%2520MY%2520IP%25202009%2520(latest).rar
[NOTE] The file was moved to '4af96177.qua'!
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\Suite\comps\acscore.exe
[NOTE] The file was moved to '4b286192.qua'!
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\Suite\comps\acslang.exe
[NOTE] The file was moved to '4aae8f73.qua'!
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\Suite\comps\acslang_uk.exe
[NOTE] The file was moved to '4870667b.qua'!
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\UK\ACSLAN~1.EXE
[NOTE] The file was moved to '4b086172.qua'!
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP50\A0044038.exe
[DETECTION] Contains recognition pattern of the DR/PSW.Cain.284.57 dropper
[NOTE] The file was moved to '4ae5615f.qua'!
C:\System Volume Information\_restore{E2428E38-B8A4-48ED-9563-FAC66F28201E}\RP51\A0046110.rbf
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '4ae56160.qua'!
End of the scan: 19 September 2009 23:54
Used time: 47:52 Minute(s)
The scan has been done completely.
6951 Scanned directories
438833 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
7 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
438824 Files not concerned
19373 Archives were scanned
2 Warnings
9 Notes
50114 Objects were scanned with rootkit scan
0 Hidden objects were found
OTL Text:
OTL logfile created on: 20/09/2009 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.30 Mb Total Physical Memory | 671.23 Mb Available Physical Memory | 65.59% Memory free
2.41 Gb Paging File | 2.12 Gb Available in Paging File | 88.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.01 Gb Total Space | 55.20 Gb Free Space | 78.85% Space Free | Partition Type: NTFS
Drive D: | 4.50 Gb Total Space | 0.55 Gb Free Space | 12.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-G2ASVV4L2M
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe (McAfee Security)
PRC - C:\Program Files\Common Files\AOL\1209815663\ee\AOLSoftware.exe (America Online, Inc.)
PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avant Browser\avant.exe (Avant Force)
PRC - C:\Documents and Settings\Owner\Desktop\SysProt\SysProt\SysProt.exe ()
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (StumbleUponUpdateService [On_Demand | Stopped]) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe (stumbleupon.com)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (DELTA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\delta.sys (Midiman/M-Audio)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MPFIREWL [System | Running]) -- C:\WINDOWS\System32\Drivers\MpFirewall.sys ()
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (SunkFilt [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys (Alcor Micro Corp.)
DRV - (tap0901 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\tap0901.sys (The OpenVPN Project)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (SysProtDrv.sys [On_Demand | Running]) -- C:\Documents and Settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/21 20:02:49 | 00,000,000 | ---D | M]
O1 HOSTS File: (324359 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11100 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1209815663\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Acme.PCHButton] C:\Program Files\HP Pavilion PC Help\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 61 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/01 09:36:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 21:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/09/19 23:24:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/09/19 23:06:20 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/19 22:59:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SysProt
[2009/09/19 22:59:39 | 00,354,396 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SysProt.zip
[2009/09/19 22:53:14 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/09/19 17:26:48 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/09/19 17:26:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/09/19 17:26:16 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/09/19 17:26:16 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/09/19 17:26:16 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/09/19 17:26:16 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/09/19 17:26:16 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/09/19 17:26:16 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/09/19 17:26:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/09/19 17:24:52 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/09/19 17:24:52 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/09/19 17:24:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/09/19 17:19:02 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/09/19 17:17:14 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/19 15:15:13 | 00,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/19 15:15:01 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/09/19 15:15:01 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/09/19 15:15:01 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/09/19 15:15:00 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/09/19 15:14:57 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/09/19 15:14:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/09/19 14:51:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Security
[2009/09/19 14:41:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/09/19 14:27:07 | 00,000,384 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/09/19 14:27:00 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/09/19 14:18:27 | 00,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2009/09/19 14:15:58 | 00,000,000 | ---D | C] -- C:\Program Files\WinASO
[2009/09/19 13:08:57 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTS.exe
[2009/09/18 14:21:19 | 00,049,995 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1253276190196.jpg
[2009/09/17 00:07:56 | 00,185,565 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\kj11-dimitri-kjeragbolten.jpg
[2009/09/17 00:07:51 | 00,498,925 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2725713935_2e67cf74e8_b.jpg
[2009/09/17 00:06:57 | 01,618,675 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\moher.jpg
[2009/09/17 00:06:23 | 00,074,132 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\swimpc.jpg
[2009/09/17 00:04:22 | 00,062,355 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\_prekestol_jpg_465461a.jpg
[2009/09/15 14:51:14 | 00,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avant Browser.lnk
[2009/09/15 13:28:05 | 00,000,043 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\lightn.gif
[2009/09/13 00:29:07 | 00,227,358 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cross eyed.bmp
[2009/09/13 00:12:26 | 00,041,130 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\twaddle.jpg
[2009/09/08 13:35:18 | 00,048,752 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\humor,scrabble,you,lost,the,game,board,game,game,lost-c1ada83f8a8c5d3742b5ffa7e41730d3_h.jpg
[2009/09/06 18:54:13 | 00,302,431 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Zelle-des-Jahres-2009-a18358050.jpg
[2009/09/06 16:09:40 | 00,324,662 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\butter.bmp
[2009/09/06 00:47:08 | 00,109,245 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1252193549647.jpg
[2009/09/05 22:53:10 | 01,284,054 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fw.bmp
[2009/09/05 22:34:26 | 00,075,017 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\3.jpg
[2009/09/05 22:33:45 | 00,113,760 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2.jpg
[2009/09/04 18:24:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TC150x150SuggestedLogo
[2009/09/04 18:24:06 | 00,013,645 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\TC150x150SuggestedLogo.zip
[2009/09/04 17:47:10 | 00,190,577 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\this thread is.jpg
[2009/09/04 17:46:24 | 00,041,754 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dnt make me.jpg
[2009/09/04 15:24:47 | 00,082,221 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\manhat.jpg
[2009/09/03 01:09:39 | 00,036,060 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\hoers.jpg
[2009/09/03 01:05:34 | 00,108,490 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\harp.jpg
[2009/09/03 00:31:08 | 00,229,694 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\esca.jpg
[2009/09/02 21:14:49 | 00,130,614 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pb.bmp
[2009/09/02 17:50:00 | 00,142,774 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\12519187523XwEbIs (1).jpg
[2009/09/02 16:00:26 | 00,004,888 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\thrfai.jpg
[2009/09/01 18:10:22 | 00,062,139 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\tacti.jpg
[2009/09/01 17:52:33 | 00,106,279 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1251823779998.jpg
[2009/09/01 15:33:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealHideIP
[2009/09/01 01:29:32 | 00,422,628 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\SE1U3.gif
[2009/08/31 23:20:22 | 00,081,573 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\vomphot.jpg
[2009/08/31 01:28:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Simply Super Software
[2009/08/31 00:39:48 | 00,140,191 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\451.jpg
[2009/08/30 14:34:53 | 10,730,74176 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/29 13:46:02 | 00,269,518 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\three_frames_18.gif
[2009/08/29 13:33:43 | 00,060,164 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\kTCKf.jpg
[2009/08/28 21:59:41 | 00,029,013 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\brill.jpg
[2009/08/28 00:01:23 | 00,061,758 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\tumblr_kp014ixsYi1qz5njko1_500.jpg
[2009/08/26 22:41:52 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/08/26 22:41:52 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/08/26 22:41:52 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/08/26 22:41:52 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2009/08/26 22:41:51 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/08/26 22:41:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2009/08/26 22:41:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/08/26 15:39:17 | 00,000,000 | ---D | C] -- C:\Program Files\NetConceal Anonymizer
[2009/08/26 15:39:14 | 00,000,125 | ---- | C] () -- C:\ioSpecial.ini
[2009/08/26 15:30:23 | 00,000,000 | ---D | C] -- C:\Program Files\Invisible IP Map
[2009/08/26 15:14:47 | 00,000,000 | ---D | C] -- C:\Program Files\Privacy Shield
[2009/08/26 14:49:29 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SpOrder.dll
[2009/08/25 19:53:03 | 00,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2009/08/25 19:52:49 | 00,000,000 | ---D | C] -- C:\Program Files\Cain
[2009/08/23 11:28:10 | 20,555,320 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\video2.flv
[2009/08/23 00:52:14 | 24,152,774 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\video.flv
[2009/08/22 23:33:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\gifs
[2009/08/21 23:41:45 | 00,030,656 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\8tpi5l.jpg
[2009/08/21 23:16:50 | 01,290,438 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\templ.bmp
[2009/08/21 23:12:38 | 00,009,204 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1250892327235.jpg
[2009/08/21 22:58:02 | 00,037,663 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1250889623322.jpg
[2009/08/08 19:35:48 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\AVLibrary.dll
[2009/02/19 19:39:49 | 00,000,062 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2008/12/23 16:33:18 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/08/08 12:47:37 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\MpfApi.dll
[2008/08/08 12:47:36 | 00,055,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\MpFirewall.sys
[2008/05/26 21:21:01 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2008/05/03 12:13:46 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/04/18 14:50:36 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/16 16:24:40 | 00,000,302 | ---- | C] () -- C:\WINDOWS\ARColorCodes.ini
[2007/12/05 14:43:31 | 00,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2003/06/09 20:25:04 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2003/01/01 16:25:02 | 00,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/01 16:24:46 | 00,000,779 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/01/01 16:24:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/01 12:05:46 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/01/01 11:53:15 | 00,028,986 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/01/01 11:52:51 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/01/01 11:52:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/01/01 10:48:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/01 10:20:42 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/01 10:11:43 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/01/01 10:11:43 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/01/01 10:11:23 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/01/01 09:40:09 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/01 09:34:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/01 09:33:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/01/01 09:14:03 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/01/01 09:14:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
========== Files - Modified Within 30 Days ==========
[2009/09/19 23:33:01 | 00,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57929295-3719358328-2888033797-1003UA.job
[2009/09/19 23:06:25 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/19 22:59:40 | 00,354,396 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SysProt.zip
[2009/09/19 22:56:31 | 00,149,984 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/09/19 22:55:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/19 22:55:38 | 10,730,74176 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/19 22:55:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/19 19:09:51 | 05,333,732 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/09/19 17:34:07 | 00,002,295 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2009/09/19 17:33:00 | 00,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57929295-3719358328-2888033797-1003Core.job
[2009/09/19 17:26:55 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/19 15:15:13 | 00,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/19 14:27:07 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/09/19 13:09:01 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTS.exe
[2009/09/18 17:19:37 | 00,000,779 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/18 14:21:19 | 00,049,995 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1253276190196.jpg
[2009/09/18 12:02:09 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
[2009/09/17 00:07:56 | 00,185,565 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\kj11-dimitri-kjeragbolten.jpg
[2009/09/17 00:07:51 | 00,498,925 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2725713935_2e67cf74e8_b.jpg
[2009/09/17 00:06:57 | 01,618,675 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\moher.jpg
[2009/09/17 00:06:23 | 00,074,132 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\swimpc.jpg
[2009/09/17 00:04:22 | 00,062,355 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\_prekestol_jpg_465461a.jpg
[2009/09/15 14:51:14 | 00,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avant Browser.lnk
[2009/09/15 13:28:05 | 00,000,043 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lightn.gif
[2009/09/13 00:29:07 | 00,227,358 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cross eyed.bmp
[2009/09/13 00:12:26 | 00,041,130 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\twaddle.jpg
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/08 13:35:13 | 00,048,752 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\humor,scrabble,you,lost,the,game,board,game,game,lost-c1ada83f8a8c5d3742b5ffa7e41730d3_h.jpg
[2009/09/06 18:53:54 | 00,302,431 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Zelle-des-Jahres-2009-a18358050.jpg
[2009/09/06 16:09:40 | 00,324,662 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\butter.bmp
[2009/09/06 00:47:08 | 00,109,245 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1252193549647.jpg
[2009/09/05 22:53:10 | 01,284,054 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fw.bmp
[2009/09/05 22:34:26 | 00,075,017 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\3.jpg
[2009/09/05 22:33:45 | 00,113,760 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2.jpg
[2009/09/05 22:33:36 | 00,028,646 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1.jpg
[2009/09/04 18:24:07 | 00,013,645 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\TC150x150SuggestedLogo.zip
[2009/09/04 17:47:10 | 00,190,577 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\this thread is.jpg
[2009/09/04 17:46:24 | 00,041,754 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dnt make me.jpg
[2009/09/04 15:24:28 | 00,082,221 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\manhat.jpg
[2009/09/03 01:09:39 | 00,036,060 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\hoers.jpg
[2009/09/03 01:05:34 | 00,108,490 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\harp.jpg
[2009/09/03 00:31:08 | 00,229,694 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\esca.jpg
[2009/09/02 21:14:49 | 00,130,614 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pb.bmp
[2009/09/02 17:50:00 | 00,142,774 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\12519187523XwEbIs (1).jpg
[2009/09/02 16:00:26 | 00,004,888 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\thrfai.jpg
[2009/09/01 18:10:22 | 00,062,139 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\tacti.jpg
[2009/09/01 17:52:35 | 00,106,279 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1251823779998.jpg
[2009/09/01 01:27:13 | 00,422,628 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SE1U3.gif
[2009/08/31 23:19:46 | 00,081,573 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\vomphot.jpg
[2009/08/31 00:38:18 | 00,140,191 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\451.jpg
[2009/08/30 14:30:56 | 00,324,359 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/08/29 13:44:28 | 00,269,518 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\three_frames_18.gif
[2009/08/29 13:31:36 | 00,060,164 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\kTCKf.jpg
[2009/08/29 12:11:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/28 22:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/28 21:59:41 | 00,029,013 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\brill.jpg
[2009/08/28 00:01:06 | 00,061,758 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\tumblr_kp014ixsYi1qz5njko1_500.jpg
[2009/08/26 22:46:16 | 00,000,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090830-143056.backup
[2009/08/26 16:16:28 | 00,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2009/08/26 14:49:29 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SpOrder.dll
[2009/08/23 11:28:11 | 20,555,320 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\video2.flv
[2009/08/23 00:52:15 | 24,152,774 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\video.flv
[2009/08/22 01:01:21 | 01,290,438 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\templ.bmp
[2009/08/21 23:27:13 | 00,030,656 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\8tpi5l.jpg
[2009/08/21 23:12:38 | 00,009,204 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1250892327235.jpg
[2009/08/21 22:58:02 | 00,037,663 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1250889623322.jpg
[2009/08/21 10:46:35 | 00,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/08/21 10:46:35 | 00,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF1D8F55
< End of report >
OTL Extras:
OTL Extras logfile created on: 20/09/2009 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.30 Mb Total Physical Memory | 671.23 Mb Available Physical Memory | 65.59% Memory free
2.41 Gb Paging File | 2.12 Gb Available in Paging File | 88.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.01 Gb Total Space | 55.20 Gb Free Space | 78.85% Space Free | Partition Type: NTFS
Drive D: | 4.50 Gb Total Space | 0.55 Gb Free Space | 12.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-G2ASVV4L2M
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)
.url [@ = InternetShortcut] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
htmlfile [opennew] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
http [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
https [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
InternetShortcut [open] -- "C:\Program Files\Avant Browser\avant.exe" %1 (Avant Force)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Services -- (AOL LLC)
"C:\Program Files\AOL\RC\regClient.exe" = C:\Program Files\AOL\RC\regClient.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\AOL 9.0 VRa\waol.exe" = C:\Program Files\AOL 9.0 VRa\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Avant Browser\avant.exe" = C:\Program Files\Avant Browser\avant.exe:*:Enabled:Avant Browser -- (Avant Force)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 14
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Regclient" = AOL Registration
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AvantBrowser" = Avant Browser (remove only)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlueVoda_Website_Builder_1.0" = BlueVoda Website Builder 9.2
"CCleaner" = CCleaner (remove only)
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FLV Player" = FLV Player 2.0 (build 25)
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Personal Firewall Plus" = McAfee Personal Firewall Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA GART Driver" = NVIDIA GART Driver
"RealPlayer 6.0" = RealPlayer
"Smart Defrag_is1" = Smart Defrag 1.20
"StreetPlugin" = Learn2 Player (Uninstall Only)
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"Trojan Remover_is1" = Trojan Remover 6.8.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinPcapInst" = WinPcap 4.1 beta5
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 26/08/2009 10:00:47 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module pcproxy.dll, version 0.0.0.0, fault address 0x00006047.
Error - 27/08/2009 16:35:50 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Error | ID = 1000
Description = Faulting application avant.exe, version 11.7.0.9, faulting module
unknown, version 0.0.0.0, fault address 0x09b99934.
Error - 29/08/2009 10:03:15 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash10b.ocx, version 10.0.22.87, fault address 0x001f6002.
Error - 30/08/2009 09:29:50 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Error | ID = 1000
Description = Faulting application mpftray.exe, version 4.5.3.30, faulting module
kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
Error - 02/09/2009 15:14:17 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.3603, fault address 0x0010f5f5.
Error - 14/09/2009 05:31:42 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Error | ID = 1000
Description = Faulting application avant.exe, version 11.7.0.9, faulting module
unknown, version 0.0.0.0, fault address 0x07399934.
Error - 16/09/2009 07:24:28 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Hang | ID = 1002
Description = Hanging application avant.exe, version 11.7.0.37, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 17/09/2009 17:31:41 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Hang | ID = 1002
Description = Hanging application avant.exe, version 11.7.0.37, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 18/09/2009 13:20:19 | Computer Name = YOUR-G2ASVV4L2M | Source = Application Hang | ID = 1002
Description = Hanging application avant.exe, version 11.7.0.37, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 19/09/2009 09:42:01 | Computer Name = YOUR-G2ASVV4L2M | Source = IS360srv.exe | ID = 0
Description =
[ System Events ]
Error - 18/09/2009 06:57:52 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 18/09/2009 08:13:19 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly. It
has done this 2 time(s).
Error - 18/09/2009 12:20:36 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 19/09/2009 09:50:45 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7034
Description = The IS360service service terminated unexpectedly. It has done this
1 time(s).
Error - 19/09/2009 12:14:47 | Computer Name = YOUR-G2ASVV4L2M | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error - 19/09/2009 12:44:17 | Computer Name = YOUR-G2ASVV4L2M | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error - 19/09/2009 17:53:25 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7034
Description = The AOL Connectivity Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 19/09/2009 17:53:26 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7034
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 19/09/2009 17:53:26 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 19/09/2009 17:53:29 | Computer Name = YOUR-G2ASVV4L2M | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
< End of report >
Edited by hammerman, 20 September 2009 - 04:09 AM.
E-mail address removed