Help. Can't remove a trojan [Solved]



#1
dom11


    New Member

  • Member
  • Pip
  • 7 posts
Hi. I'm having trouble trying to sort out my sister's comp. It's running very slow and Internet Explorer keeps popping up with error messages even though she only uses Firefox. AVG has given warnings about it being infected with a trojan but doesn't seem to be able to remove it. Any help would be much appreciated. Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:14, on 12/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system\alg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [alg.exe] C:\WINDOWS\system\alg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9212 bytes

Thanks


#2
NeonFx


    Malware Removal Dude

  • Expert
  • 3,798 posts
Hello there :) Welcome to the GeeksToGo forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.

Please note the following:

  • The fixes are specific to your problem and should only be used on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
  • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Step 1

Download OTS to your Desktop


  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - NetSvcs
    • Reg - Shell Spawning
    • Reg - Uninstall List
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post. To do so click on the "Add Reply" (NOT the "Fast Reply") and click on the "Browse..." button in the Attachments section.

To ensure that I get all the information this log will need to be attached. If it is too large to attach then upload it to Mediafire and post the sharing link.

Step 2

Download RootRepeal from one of the following locations and save it to your desktop:

Link 1
Link 2
Link 3

  • Double click Posted Image to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Posted Image button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Posted Image button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

Edited by NeonFx, 12 October 2009 - 03:45 PM.


#3
dom11

Hi. Thanks for the response, very much appreciated. I've attached the two txt files.


#4
NeonFx

Hi there. Sorry about the delay. I'm not seeing very much in the log. Do you have the name and the file that AVG keeps detecting?

Please do the following:

STEP 1

Run OTS

  • Under the Paste Fix Here box on the right, paste in the following

    [Unregister Dlls]
    [Registry - Safe List]
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    YN -> {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec [HKLM] -> C:\Program Files\PartyGaming\PartyPoker\RunApp.exe [Button: PartyPoker.com]
    YN -> {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec [HKLM] -> C:\Program Files\PartyGaming\PartyPoker\RunApp.exe [Menu: PartyPoker.com]
    YN -> {C2A80015-C447-4dc4-82DD-AED83D6ED57E}:Exec [HKLM] -> C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe [Button: Ladbrokes Poker]
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-500\] > -> HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-500\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\"{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}" [HKLM] -> C:\Program Files\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com]
    YN -> CmdMapping\\"{C2A80015-C447-4dc4-82DD-AED83D6ED57E}" [HKLM] -> C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe [Ladbrokes Poker]
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    YN -> "C:\WINDOWS\system32\drivers\svchost.exe" -> C:\WINDOWS\System32\drivers\svchost.exe [C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:WinRAR archiver]
    [Custom Items]
    :files
    C:\WINDOWS\System\MXf*.html
    :end
    [Empty Temp Folders]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • This will create a log in C:\_OTS\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste the contents of that file here.


STEP 2

Run OTS again and click on the Quick Scan button at the top. Copy and Paste the results of this scan in your next reply.


STEP 3

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Scan all of your hard drives.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
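Added example, not part of any post in this thread: a small triage script for HijackThis logs like the one in post #1. It flags entries whose file name matches a core Windows binary but whose folder is not the default one, plus BHO entries marked "(no file)". The table of expected folders is an assumption (the default Windows XP layout), the sample lines are excerpted from the log above, and a hit is a lead to investigate, not a verdict.

```python
import ntpath
import re

# Assumption (not from the thread): default Windows XP folders of core binaries.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "spoolsv.exe", "alg.exe", "ctfmon.exe", "wuauclt.exe", "userinit.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")           # e.g. "O4 - ..."
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)    # path up to first .exe

# Lines excerpted from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [alg.exe] C:\WINDOWS\system\alg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def misplaced(path):
    """Return the expected folder if `path` names a core binary elsewhere, else None."""
    folder, name = ntpath.split(ntpath.normcase(path.strip().strip('"')))
    expected = EXPECTED_DIR.get(name)
    # Bare file names (no folder, e.g. "RTHDCPL.EXE") cannot be judged.
    if expected and folder and folder != expected:
        return expected
    return None


def check(findings, source, path):
    expected = misplaced(path)
    if expected:
        findings.append((source, path, "expected in " + expected))


def triage(log_text):
    """Return (source, item, reason) tuples for entries worth a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                check(findings, "process", line)
            else:
                in_processes = False      # blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, rest = match.groups()
        if code == "O4":
            # O4 - <hive>\..\Run: [value name] <command line>
            exe = EXE_RE.match(rest.split("] ", 1)[-1])
            if exe:
                check(findings, "O4", exe.group(1))
        elif code == "O23":
            # O23 - Service: <name> - <company> - <path>
            check(findings, "O23", rest.rsplit(" - ", 1)[-1])
        elif code == "O2" and rest.endswith("(no file)"):
            findings.append(("O2", rest, "BHO registered but its file is missing"))
    return findings


if __name__ == "__main__":
    for source, item, reason in triage(SAMPLE_LOG):
        print(f"{source:8} {item}  ->  {reason}")
    # The path from the firewall list entry in post #4 can be checked the same way.
    print(misplaced(r"C:\WINDOWS\system32\drivers\svchost.exe"))
```
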

#5
dom11

Hi. Thanks again. I think the file came up as a trojan called win32. However, I've scanned the PC again with AVG and it seems to have gone. Still seems to be running slowly though and still getting error reports from Internet Explorer.

OTS -

All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C2A80015-C447-4dc4-82DD-AED83D6ED57E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A80015-C447-4dc4-82DD-AED83D6ED57E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A80015-C447-4dc4-82DD-AED83D6ED57E}:Exec\ not found.
Registry value HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry value HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{C2A80015-C447-4dc4-82DD-AED83D6ED57E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A80015-C447-4dc4-82DD-AED83D6ED57E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\drivers\svchost.exe deleted successfully.
[Custom Items]
========== FILES ==========
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 682521442 bytes
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 863374038 bytes
->Java cache emptied: 11854962 bytes
->FireFox cache emptied: 107208901 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1445821 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119049 bytes
%systemroot%\System32 .tmp files removed: 3782161 bytes
Windows Temp folder emptied: 21541463 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1614.55 mb

< End of fix log >
OTS by OldTimer - Version 3.0.21.0 fix logfile created on 10142009_111323

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTS Quick scan -

OTS logfile created on: 14/10/2009 11:22:56 - Run 2
OTS by OldTimer - Version 3.0.21.0	 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
509.42 Mb Total Physical Memory | 13.70 Mb Available Physical Memory | 2.69% Memory free
1.22 Gb Paging File | 0.67 Gb Available in Paging File | 55.48% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 35.97 Gb Free Space | 46.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DOM
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Quick Scan
 
[Processes - Safe List]
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/29 21:26:33 | 01,028,432 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/09/29 21:26:34 | 00,520,024 | ---- | M] (Lavasoft)
alg.exe -> C:\WINDOWS\system\alg.exe -> [2008/08/14 00:32:53 | 00,843,776 | -HS- | M] (VisioSoft PhotoAlbum)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/08/18 23:00:12 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/08/18 23:00:12 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/10/06 09:24:30 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/18 23:00:02 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
daemon.exe -> C:\Program Files\DAEMON Tools Lite\daemon.exe -> [2008/04/01 10:39:48 | 00,486,856 | ---- | M] (DT Soft Ltd)
dpupdchk.exe -> C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe -> [2007/08/31 20:16:47 | 00,357,800 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
hkcmd.exe -> C:\WINDOWS\System32\hkcmd.exe -> [2006/10/06 12:13:28 | 00,114,688 | ---- | M] (Intel Corporation)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2004/08/04 01:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation)
igfxpers.exe -> C:\WINDOWS\System32\igfxpers.exe -> [2006/10/06 12:10:06 | 00,094,208 | ---- | M] (Intel Corporation)
igfxtray.exe -> C:\WINDOWS\System32\igfxtray.exe -> [2006/10/06 12:11:10 | 00,098,304 | ---- | M] (Intel Corporation)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
ipoint.exe -> C:\Program Files\Microsoft IntelliPoint\ipoint.exe -> [2007/08/31 20:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
itype.exe -> C:\Program Files\Microsoft IntelliType Pro\itype.exe -> [2007/08/31 20:13:41 | 00,988,584 | ---- | M] (Microsoft Corporation)
jusched.exe -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
khost.exe -> C:\Program Files\Kontiki\KHost.exe -> [2007/04/23 11:23:14 | 01,032,640 | ---- | M] (Kontiki Inc.)
kservice.exe -> C:\Program Files\Kontiki\KService.exe -> [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/10/13 12:03:03 | 00,520,192 | ---- | M] (OldTimer Tools)
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/10/13 12:03:03 | 00,520,192 | ---- | M] (OldTimer Tools)
reader_sl.exe -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe -> [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
rthdcpl.exe -> C:\WINDOWS\RTHDCPL.EXE -> [2006/06/28 23:54:52 | 16,248,320 | ---- | M] (Realtek Semiconductor Corp.)
searchprotection.exe -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe -> [2009/02/23 14:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
unsecapp.exe -> C:\WINDOWS\System32\wbem\unsecapp.exe -> [2001/08/23 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/02/06 17:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/02/06 17:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 21:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
 
[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/18 23:00:02 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(gupdate) Google Update Service (gupdate) [Win32_Own | Auto | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/08/20 19:42:02 | 00,133,104 | ---- | M] (Google Inc.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 01:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
(KService) KService [Win32_Own | Auto | Running] -> C:\Program Files\Kontiki\KService.exe -> [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/29 21:26:33 | 01,028,432 | ---- | M] (Lavasoft)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(YahooAUService) Yahoo! Updater [Win32_Own | Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 21:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: SearchURL\\"provider" -> yaho -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/31 03:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\z91w8oyk.default\prefs.js -> 
browser.search.defaultenginename -> "Google" ->
browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 ->
extensions.enabledItems -> avg@igeared:2.609.002.003 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.87 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\z91w8oyk.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/08/15 11:43:21 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/08/18 23:00:02 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED [C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED] -> [2009/10/06 23:03:33 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/10/07 20:09:08 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/09/16 20:49:45 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions -> [2008/08/29 19:10:33 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/08/29 19:10:33 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z91w8oyk.default\extensions -> [2009/10/06 23:59:31 | 00,098,634 | ---- | M] ()
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z91w8oyk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/10/06 23:59:31 | 00,098,634 | ---- | M] ()
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z91w8oyk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2009/10/06 23:59:31 | 00,098,634 | ---- | M] ()
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z91w8oyk.default\extensions\[email protected] -> [2009/10/06 23:59:31 | 00,098,634 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/10/07 20:09:08 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/09/16 20:49:40 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/09/16 20:49:41 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/09/16 20:49:45 | 00,000,000 | ---D | M]
np32dsw.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np32dsw.dll -> [2008/06/17 16:12:42 | 00,114,688 | ---- | M] (Adobe Systems, Inc.)
npJoostPlugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npJoostPlugin.dll -> [2007/11/29 11:00:52 | 00,066,208 | ---- | M] (Joost Technologies B.V. )
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/09/16 20:49:42 | 00,065,528 | ---- | M] (mozilla.org)
NPOFFICE.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFFICE.DLL -> [2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.)
nppl3260.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppl3260.dll -> [2008/06/26 23:39:42 | 00,144,984 | ---- | M] (RealNetworks, Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
nprjplug.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nprjplug.dll -> [2008/06/26 23:39:49 | 00,008,192 | ---- | M] (RealNetworks, Inc.)
nprpjplug.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nprpjplug.dll -> [2008/06/26 23:39:41 | 00,094,208 | ---- | M] (RealNetworks, Inc.)
nsIQTScriptablePlugin.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nsIQTScriptablePlugin.xpt -> [2008/01/04 19:49:30 | 00,002,394 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2008/12/24 13:57:15 | 00,004,208 | ---- | M] ()
ShockwavePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ShockwavePlugin.cla -> [2008/06/17 15:23:18 | 00,001,144 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/08/18 23:01:09 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2008/11/17 00:21:07 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2008/11/17 00:21:07 | 00,002,193 | ---- | M] ()
avg_igeared.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\avg_igeared.xml -> [2009/08/18 23:02:52 | 00,001,489 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2008/11/17 00:21:07 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2008/11/17 00:21:07 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/11/17 00:21:07 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2008/11/17 00:21:07 | 00,001,178 | ---- | M] ()
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2009/07/31 03:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/08/18 23:00:13 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 04:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2009/07/31 03:44:02 | 00,159,472 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/31 03:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/31 03:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"4oD" -> C:\Program Files\Kontiki\KHost.exe ["C:\Program Files\Kontiki\KHost.exe" -all] -> [2007/04/23 11:23:14 | 01,032,640 | ---- | M] (Kontiki Inc.)
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/04 03:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"alg.exe" -> C:\WINDOWS\system\alg.exe [C:\WINDOWS\system\alg.exe] -> [2008/08/14 00:32:53 | 00,843,776 | -HS- | M] (VisioSoft PhotoAlbum)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/10/06 09:24:30 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
"HotKeysCmds" -> C:\WINDOWS\System32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2006/10/06 12:13:28 | 00,114,688 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\WINDOWS\System32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2006/10/06 12:11:10 | 00,098,304 | ---- | M] (Intel Corporation)
"IntelliPoint" -> C:\Program Files\Microsoft IntelliPoint\ipoint.exe ["C:\Program Files\Microsoft IntelliPoint\ipoint.exe"] -> [2007/08/31 20:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
"itype" -> C:\Program Files\Microsoft IntelliType Pro\itype.exe ["C:\Program Files\Microsoft IntelliType Pro\itype.exe"] -> [2007/08/31 20:13:41 | 00,988,584 | ---- | M] (Microsoft Corporation)
"Persistence" -> C:\WINDOWS\System32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2006/10/06 12:10:06 | 00,094,208 | ---- | M] (Intel Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/11/04 11:30:50 | 00,413,696 | ---- | M] (Apple Inc.)
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2006/06/28 23:54:52 | 16,248,320 | ---- | M] (Realtek Semiconductor Corp.)
"SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2006/05/17 03:04:26 | 02,879,488 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2009/02/23 14:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DAEMON Tools Lite" -> C:\Program Files\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> [2008/04/01 10:39:48 | 00,486,856 | ---- | M] (DT Soft Ltd)
"kdx" -> C:\Program Files\Kontiki\KHost.exe [C:\Program Files\Kontiki\KHost.exe -all] -> [2007/04/23 11:23:14 | 01,032,640 | ---- | M] (Kontiki Inc.)
"MsnMsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"Search Protection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2009/02/23 14:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2009/04/21 22:43:04 | 10,351,936 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab [MSN Photo Upload Tool] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5B8136CC-1304-4CD1-8B5B-A26C2544D0FE}\\DhcpNameServer -> 192.168.2.1   (BUFFALO WLI-U2-KG54L Wireless LAN Adapter) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/08/18 23:00:59 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2006/10/06 12:09:04 | 00,155,648 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 01:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 01:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\DeusEx\System\DeusEx.exe" -> C:\DeusEx\System\DeusEx.exe [C:\DeusEx\System\DeusEx.exe:*:Enabled:DeusEx] -> [2008/03/24 16:02:34 | 00,253,952 | ---- | M] ()
"C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/08/18 23:00:12 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/10/07 19:56:55 | 01,142,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 14:20:48 | 14,294,824 | ---- | M] (Apple Inc.)
"C:\Program Files\Joost\xulrunner\tvprunner.exe" -> C:\Program Files\Joost\xulrunner\tvprunner.exe [C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner] -> [2007/11/29 11:01:26 | 02,560,672 | ---- | M] (Joost Technologies B.V.)
"C:\Program Files\Kontiki\KService.exe" -> C:\Program Files\Kontiki\KService.exe [C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service] -> [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2008/04/18 20:21:09 | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2009/09/16 20:49:41 | 00,307,704 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/05/30 15:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" -> C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe [C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008] -> [2007/09/26 17:36:59 | 38,765,824 | ---- | M] (Sports Interactive)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/12/15 20:21:24 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
 
 
[Files/Folders - Created Within 14 Days]
Kontiki -> C:\Documents and Settings\All Users\Application Data\Kontiki -> [2009/10/14 11:30:04 | 00,000,000 | ---D | M]
Program Files -> C:\Program Files -> [2009/10/12 18:53:37 | 00,000,000 | R--D | M]
Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2009/10/14 11:06:35 | 00,000,000 | ---D | M]
Trend Micro -> C:\Program Files\Trend Micro -> [2009/10/12 18:53:37 | 00,000,000 | ---D | M]
LastGood -> C:\WINDOWS\LastGood -> [2009/10/14 11:28:22 | 00,000,000 | ---D | C]
_OTS -> C:\_OTS -> [2009/10/14 11:13:23 | 00,000,000 | ---D | C]
RootRepeal.exe -> C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> [2009/10/13 12:04:37 | 00,472,064 | ---- | C] ( )
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/10/13 12:02:54 | 00,520,192 | ---- | C] (OldTimer Tools)
HijackThisInstaller.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThisInstaller.exe -> [2009/10/12 18:52:54 | 00,812,344 | ---- | C] (Trend Micro Inc.)
HijackThis.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis.exe -> [2009/10/12 18:52:18 | 00,401,720 | ---- | C] (Trend Micro Inc.)
 
[Files/Folders - Modified Within 14 Days]
MSMOUSE.DLL -> C:\WINDOWS\System\MSMOUSE.DLL -> [2009/10/14 11:21:06 | 00,000,622 | -HS- | M] ()
WGASetup.job -> C:\WINDOWS\tasks\WGASetup.job -> [2009/10/14 11:20:40 | 00,000,260 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2009/10/14 11:20:04 | 00,000,896 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/10/14 11:20:00 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/10/14 11:19:59 | 00,002,048 | --S- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Administrator\NTUSER.DAT -> [2009/10/14 11:18:48 | 04,194,304 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\Administrator\ntuser.ini -> [2009/10/14 11:18:48 | 00,000,278 | -HS- | M] ()
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2009/10/14 10:59:00 | 42,812,116 | ---- | M] ()
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2009/10/14 10:59:00 | 00,027,205 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2009/10/14 00:47:04 | 00,000,900 | ---- | M] ()
IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2009/10/13 20:39:11 | 06,425,726 | -H-- | M] ()
settings.dat -> C:\Documents and Settings\Administrator\Desktop\settings.dat -> [2009/10/13 12:42:25 | 00,000,000 | ---- | M] ()
RootRepeal.exe -> C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> [2009/10/13 12:04:43 | 00,472,064 | ---- | M] ( )
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/10/13 12:03:03 | 00,520,192 | ---- | M] (OldTimer Tools)
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/10/12 21:28:59 | 00,000,472 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009/10/12 20:30:02 | 00,000,284 | ---- | M] ()
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2009/10/12 18:53:39 | 00,001,734 | ---- | M] ()
HijackThisInstaller.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThisInstaller.exe -> [2009/10/12 18:52:58 | 00,812,344 | ---- | M] (Trend Micro Inc.)
HijackThis.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis.exe -> [2009/10/12 18:52:18 | 00,401,720 | ---- | M] (Trend Micro Inc.)
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/10/11 20:19:34 | 00,002,206 | ---- | M] ()
miniavi.avg -> C:\WINDOWS\System32\drivers\Avg\miniavi.avg -> [2009/10/01 22:55:38 | 00,492,629 | ---- | M] ()
iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2009/09/30 20:45:12 | 00,002,137 | ---- | M] ()
 
[Files - No Company Name]
ckCm.html -> C:\WINDOWS\System\ckCm.html -> [2009/10/14 11:30:30 | 00,000,381 | ---- | C] ()
MSMOUSE.DLL -> C:\WINDOWS\System\MSMOUSE.DLL -> [2009/10/14 00:23:44 | 00,000,622 | -HS- | C] ()
settings.dat -> C:\Documents and Settings\Administrator\Desktop\settings.dat -> [2009/10/13 12:42:25 | 00,000,000 | ---- | C] ()
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2009/10/12 18:53:39 | 00,001,734 | ---- | C] ()
IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2008/06/27 00:32:18 | 06,425,726 | -H-- | C] ()
sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2008/05/19 13:12:13 | 00,717,296 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2008/03/16 21:56:39 | 00,765,952 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2008/03/16 21:56:39 | 00,180,224 | ---- | C] ()
qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2008/02/21 03:05:44 | 03,596,288 | ---- | C] ()
dtu100.dll.manifest -> C:\WINDOWS\System32\dtu100.dll.manifest -> [2008/02/21 03:04:16 | 00,000,416 | ---- | C] ()
dpl100.dll.manifest -> C:\WINDOWS\System32\dpl100.dll.manifest -> [2008/02/21 03:04:16 | 00,000,416 | ---- | C] ()
DivXWMPExtType.dll -> C:\WINDOWS\System32\DivXWMPExtType.dll -> [2008/02/21 03:03:24 | 00,012,288 | ---- | C] ()
QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2008/01/23 19:05:45 | 00,001,755 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/01/08 18:57:06 | 00,017,408 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007/12/15 20:57:58 | 00,000,376 | ---- | C] ()
desktop.ini -> C:\Documents and Settings\Administrator\Application Data\desktop.ini -> [2007/12/15 20:51:36 | 00,000,062 | -HS- | C] ()
RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2007/12/15 13:23:03 | 00,135,168 | ---- | C] ()
igfxCoIn_v4704.dll -> C:\WINDOWS\System32\igfxCoIn_v4704.dll -> [2007/12/15 13:20:04 | 00,200,704 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2007/12/15 13:15:27 | 00,043,920 | ---- | C] ()
desktop.ini -> C:\Documents and Settings\All Users\Application Data\desktop.ini -> [2007/12/15 11:54:59 | 00,000,062 | -HS- | C] ()
BFAIFILT.SYS -> C:\WINDOWS\System32\drivers\BFAIFILT.SYS -> [2004/07/13 05:49:00 | 00,003,264 | ---- | C] ()
AIFILT.SYS -> C:\WINDOWS\System32\drivers\AIFILT.SYS -> [2004/05/28 03:43:00 | 00,003,264 | ---- | C] ()
OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 16:05:08 | 00,002,695 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2001/08/23 13:00:00 | 00,000,650 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2001/08/23 13:00:00 | 00,000,231 | ---- | C] ()
 
[File - Lop Check]
< End of report >


Malware log -

Malwarebytes' Anti-Malware 1.41
Database version: 2956
Windows 5.1.2600 Service Pack 2

14/10/2009 12:38:15
mbam-log-2009-10-14 (12-38-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 168055
Time elapsed: 1 hour(s), 1 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
What are the errors you are getting? Please do the following now:

STEP 1

Run OTS

  • Under the Paste Fix Here box on the right, paste in the following

    [Kill All Processes]
    [Unregister Dlls]
    [Processes - Safe List]
    YY -> alg.exe -> C:\WINDOWS\system\alg.exe
    [Files - No Company Name]
    NY -> MSMOUSE.DLL -> C:\WINDOWS\System\MSMOUSE.DLL
    [Custom Items]
    :reg
    [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current]
    ""="%SystemRoot%\media\Windows XP Start.wav"
    :end
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • This will create a log in C:\_OTS\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste the contents of that file here.


STEP 2

Run OTS again and click on the Quick Scan button at the top. Copy and Paste the results of this scan in your next reply.

#7
dom11

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi. The error coming up says Internet Explorer has caused an error, send/don't send. This happens when Internet Explorer isn't even being used. Also explorer sometimes shows a window saying something about host gator before shutting itself again immediately.

I copied what you said and pasted it in. During the run I got a bad image error message saying:
The application or DLL C:\windows\system\MSMOUSE.dll is not a valid windows image. Please check this against your installation diskette.

Here's the log:

All Processes Killed
[Processes - Safe List]
Process alg.exe killed successfully!
C:\WINDOWS\system\alg.exe moved successfully.
[Files - No Company Name]
LoadLibrary failed for C:\WINDOWS\System\MSMOUSE.DLL
C:\WINDOWS\System\MSMOUSE.DLL NOT unregistered.
C:\WINDOWS\System\MSMOUSE.DLL moved successfully.
[Custom Items]
========== REGISTRY ==========
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current\\""|"%SystemRoot%\media\Windows XP Start.wav" /E : value set successfully!
< End of fix log >
OTS by OldTimer - Version 3.0.21.0 fix logfile created on 10142007_232443


OTS quick scan:

OTS logfile created on: 14/10/2009 23:33:17 - Run 3
OTS by OldTimer - Version 3.0.21.0	 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
509.42 Mb Total Physical Memory | 154.97 Mb Available Physical Memory | 30.42% Memory free
1.22 Gb Paging File | 0.79 Gb Available in Paging File | 64.69% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 37.24 Gb Free Space | 48.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DOM
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Quick Scan
 
[Processes - Safe List]
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/29 21:26:33 | 01,028,432 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/09/29 21:26:34 | 00,520,024 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/09/29 21:26:34 | 00,520,024 | ---- | M] (Lavasoft)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/08/18 23:00:12 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/08/18 23:00:12 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/10/06 09:24:30 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/18 23:00:02 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
daemon.exe -> C:\Program Files\DAEMON Tools Lite\daemon.exe -> [2008/04/01 10:39:48 | 00,486,856 | ---- | M] (DT Soft Ltd)
dpupdchk.exe -> C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe -> [2007/08/31 19:58:50 | 00,357,800 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
googleupdate.exe -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/08/20 19:42:02 | 00,133,104 | ---- | M] (Google Inc.)
hkcmd.exe -> C:\WINDOWS\System32\hkcmd.exe -> [2006/10/06 12:13:28 | 00,114,688 | ---- | M] (Intel Corporation)
igfxpers.exe -> C:\WINDOWS\System32\igfxpers.exe -> [2006/10/06 12:10:06 | 00,094,208 | ---- | M] (Intel Corporation)
igfxtray.exe -> C:\WINDOWS\System32\igfxtray.exe -> [2006/10/06 12:11:10 | 00,098,304 | ---- | M] (Intel Corporation)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
ipoint.exe -> C:\Program Files\Microsoft IntelliPoint\ipoint.exe -> [2007/08/31 20:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
itype.exe -> C:\Program Files\Microsoft IntelliType Pro\itype.exe -> [2007/08/31 20:13:41 | 00,988,584 | ---- | M] (Microsoft Corporation)
jusched.exe -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
khost.exe -> C:\Program Files\Kontiki\KHost.exe -> [2007/04/23 11:23:14 | 01,032,640 | ---- | M] (Kontiki Inc.)
kservice.exe -> C:\Program Files\Kontiki\KService.exe -> [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/10/13 12:03:03 | 00,520,192 | ---- | M] (OldTimer Tools)
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/10/13 12:03:03 | 00,520,192 | ---- | M] (OldTimer Tools)
reader_sl.exe -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe -> [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
rthdcpl.exe -> C:\WINDOWS\RTHDCPL.EXE -> [2006/06/28 23:54:52 | 16,248,320 | ---- | M] (Realtek Semiconductor Corp.)
searchprotection.exe -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe -> [2009/02/23 14:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
unsecapp.exe -> C:\WINDOWS\System32\wbem\unsecapp.exe -> [2001/08/23 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/02/06 17:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 21:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
 
[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/18 23:00:02 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(gupdate) Google Update Service (gupdate) [Win32_Own | Auto | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/08/20 19:42:02 | 00,133,104 | ---- | M] (Google Inc.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 01:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
(KService) KService [Win32_Own | Auto | Running] -> C:\Program Files\Kontiki\KService.exe -> [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/29 21:26:33 | 01,028,432 | ---- | M] (Lavasoft)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(YahooAUService) Yahoo! Updater [Win32_Own | Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 21:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: SearchURL\\"provider" -> yaho -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/31 03:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\z91w8oyk.default\prefs.js -> 
browser.search.defaultenginename -> "Google" ->
browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 ->
extensions.enabledItems -> avg@igeared:2.609.002.003 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.87 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\z91w8oyk.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/08/15 11:43:21 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/08/18 23:00:02 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED [C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED] -> [2009/10/06 23:03:33 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/10/07 20:09:08 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/09/16 20:49:45 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions -> [2008/08/29 19:10:33 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/08/29 19:10:33 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z91w8oyk.default\extensions -> [2009/10/06 23:59:31 | 00,098,634 | ---- | M] ()
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z91w8oyk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/10/06 23:59:31 | 00,098,634 | ---- | M] ()
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z91w8oyk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2009/10/06 23:59:31 | 00,098,634 | ---- | M] ()
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z91w8oyk.default\extensions\[email protected] -> [2009/10/06 23:59:31 | 00,098,634 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/10/07 20:09:08 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/09/16 20:49:40 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/09/16 20:49:41 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/09/16 20:49:45 | 00,000,000 | ---D | M]
np32dsw.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np32dsw.dll -> [2008/06/17 16:12:42 | 00,114,688 | ---- | M] (Adobe Systems, Inc.)
npJoostPlugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npJoostPlugin.dll -> [2007/11/29 11:00:52 | 00,066,208 | ---- | M] (Joost Technologies B.V. )
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/09/16 20:49:42 | 00,065,528 | ---- | M] (mozilla.org)
NPOFFICE.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFFICE.DLL -> [2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.)
nppl3260.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppl3260.dll -> [2008/06/26 23:39:42 | 00,144,984 | ---- | M] (RealNetworks, Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
nprjplug.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nprjplug.dll -> [2008/06/26 23:39:49 | 00,008,192 | ---- | M] (RealNetworks, Inc.)
nprpjplug.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nprpjplug.dll -> [2008/06/26 23:39:41 | 00,094,208 | ---- | M] (RealNetworks, Inc.)
nsIQTScriptablePlugin.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nsIQTScriptablePlugin.xpt -> [2008/01/04 19:49:30 | 00,002,394 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2008/12/24 13:57:15 | 00,004,208 | ---- | M] ()
ShockwavePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ShockwavePlugin.cla -> [2008/06/17 15:23:18 | 00,001,144 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/08/18 23:01:09 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2008/11/17 00:21:07 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2008/11/17 00:21:07 | 00,002,193 | ---- | M] ()
avg_igeared.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\avg_igeared.xml -> [2009/08/18 23:02:52 | 00,001,489 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2008/11/17 00:21:07 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2008/11/17 00:21:07 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/11/17 00:21:07 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2008/11/17 00:21:07 | 00,001,178 | ---- | M] ()
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2009/07/31 03:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/08/18 23:00:13 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 04:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2009/07/31 03:44:02 | 00,159,472 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/31 03:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/31 03:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"4oD" -> C:\Program Files\Kontiki\KHost.exe ["C:\Program Files\Kontiki\KHost.exe" -all] -> [2007/04/23 11:23:14 | 01,032,640 | ---- | M] (Kontiki Inc.)
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/04 03:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"alg.exe" -> C:\WINDOWS\system\alg.exe [C:\WINDOWS\system\alg.exe] -> File not found
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/10/06 09:24:30 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
"HotKeysCmds" -> C:\WINDOWS\System32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2006/10/06 12:13:28 | 00,114,688 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\WINDOWS\System32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2006/10/06 12:11:10 | 00,098,304 | ---- | M] (Intel Corporation)
"IntelliPoint" -> C:\Program Files\Microsoft IntelliPoint\ipoint.exe ["C:\Program Files\Microsoft IntelliPoint\ipoint.exe"] -> [2007/08/31 20:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
"itype" -> C:\Program Files\Microsoft IntelliType Pro\itype.exe ["C:\Program Files\Microsoft IntelliType Pro\itype.exe"] -> [2007/08/31 20:13:41 | 00,988,584 | ---- | M] (Microsoft Corporation)
"Persistence" -> C:\WINDOWS\System32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2006/10/06 12:10:06 | 00,094,208 | ---- | M] (Intel Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/11/04 11:30:50 | 00,413,696 | ---- | M] (Apple Inc.)
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2006/06/28 23:54:52 | 16,248,320 | ---- | M] (Realtek Semiconductor Corp.)
"SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2006/05/17 03:04:26 | 02,879,488 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2009/02/23 14:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DAEMON Tools Lite" -> C:\Program Files\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> [2008/04/01 10:39:48 | 00,486,856 | ---- | M] (DT Soft Ltd)
"kdx" -> C:\Program Files\Kontiki\KHost.exe [C:\Program Files\Kontiki\KHost.exe -all] -> [2007/04/23 11:23:14 | 01,032,640 | ---- | M] (Kontiki Inc.)
"MsnMsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"Search Protection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2009/02/23 14:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2009/04/21 22:43:04 | 10,351,936 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab [MSN Photo Upload Tool] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5B8136CC-1304-4CD1-8B5B-A26C2544D0FE}\\DhcpNameServer -> 192.168.2.1   (BUFFALO WLI-U2-KG54L Wireless LAN Adapter) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/08/18 23:00:59 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2006/10/06 12:09:04 | 00,155,648 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 01:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 01:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\DeusEx\System\DeusEx.exe" -> C:\DeusEx\System\DeusEx.exe [C:\DeusEx\System\DeusEx.exe:*:Enabled:DeusEx] -> [2008/03/24 16:02:34 | 00,253,952 | ---- | M] ()
"C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/08/18 23:00:12 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/10/07 19:56:55 | 01,142,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 14:20:48 | 14,294,824 | ---- | M] (Apple Inc.)
"C:\Program Files\Joost\xulrunner\tvprunner.exe" -> C:\Program Files\Joost\xulrunner\tvprunner.exe [C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner] -> [2007/11/29 11:01:26 | 02,560,672 | ---- | M] (Joost Technologies B.V.)
"C:\Program Files\Kontiki\KService.exe" -> C:\Program Files\Kontiki\KService.exe [C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service] -> [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2008/04/18 20:21:09 | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2009/09/16 20:49:41 | 00,307,704 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/05/30 15:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" -> C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe [C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008] -> [2007/09/26 17:36:59 | 38,765,824 | ---- | M] (Sports Interactive)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/12/15 20:21:24 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
 
 
[Files/Folders - Created Within 14 Days]
Kontiki -> C:\Documents and Settings\All Users\Application Data\Kontiki -> [2009/10/14 23:35:41 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Administrator\Application Data -> [2009/10/14 15:27:11 | 00,000,000 | -H-D | M]
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/10/14 11:35:55 | 00,000,000 | ---D | M]
Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2009/10/14 23:31:56 | 00,000,000 | ---D | M]
Trend Micro -> C:\Program Files\Trend Micro -> [2009/10/12 18:53:37 | 00,000,000 | ---D | M]
My Documents -> C:\Documents and Settings\Administrator\Desktop\My Documents -> [2009/10/14 15:27:40 | 00,000,000 | ---D | C]
tod-demo-zip.exe -> C:\Documents and Settings\Administrator\Desktop\tod-demo-zip.exe -> [2009/10/14 15:26:26 | 00,364,064 | ---- | C] (Digital River)
_OTS -> C:\_OTS -> [2009/10/14 11:13:23 | 00,000,000 | ---D | C]
RootRepeal.exe -> C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> [2009/10/13 12:04:37 | 00,472,064 | ---- | C] ( )
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/10/13 12:02:54 | 00,520,192 | ---- | C] (OldTimer Tools)
HijackThisInstaller.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThisInstaller.exe -> [2009/10/12 18:52:54 | 00,812,344 | ---- | C] (Trend Micro Inc.)
HijackThis.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis.exe -> [2009/10/12 18:52:18 | 00,401,720 | ---- | C] (Trend Micro Inc.)
 
[Files/Folders - Modified Within 14 Days]
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2009/10/14 23:33:59 | 00,000,896 | ---- | M] ()
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2009/10/14 23:33:03 | 42,836,174 | ---- | M] ()
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2009/10/14 23:33:03 | 00,027,311 | ---- | M] ()
tod-demo-zip.exe -> C:\Documents and Settings\Administrator\Desktop\tod-demo-zip.exe -> [2009/10/14 15:26:26 | 00,364,064 | ---- | M] (Digital River)
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2009/10/14 14:47:01 | 00,000,900 | ---- | M] ()
MXf691.html -> C:\WINDOWS\System\MXf691.html -> [2009/10/14 11:58:40 | 00,000,528 | ---- | M] ()
IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2009/10/13 20:39:11 | 06,425,726 | -H-- | M] ()
settings.dat -> C:\Documents and Settings\Administrator\Desktop\settings.dat -> [2009/10/13 12:42:25 | 00,000,000 | ---- | M] ()
RootRepeal.exe -> C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> [2009/10/13 12:04:43 | 00,472,064 | ---- | M] ( )
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/10/13 12:03:03 | 00,520,192 | ---- | M] (OldTimer Tools)
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/10/12 21:28:59 | 00,000,472 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009/10/12 20:30:02 | 00,000,284 | ---- | M] ()
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2009/10/12 18:53:39 | 00,001,734 | ---- | M] ()
HijackThisInstaller.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThisInstaller.exe -> [2009/10/12 18:52:58 | 00,812,344 | ---- | M] (Trend Micro Inc.)
HijackThis.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis.exe -> [2009/10/12 18:52:18 | 00,401,720 | ---- | M] (Trend Micro Inc.)
miniavi.avg -> C:\WINDOWS\System32\drivers\Avg\miniavi.avg -> [2009/10/01 22:55:38 | 00,492,629 | ---- | M] ()
 
[Files - No Company Name]
MXf691.html -> C:\WINDOWS\System\MXf691.html -> [2009/10/14 11:58:40 | 00,000,528 | ---- | C] ()
settings.dat -> C:\Documents and Settings\Administrator\Desktop\settings.dat -> [2009/10/13 12:42:25 | 00,000,000 | ---- | C] ()
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2009/10/12 18:53:39 | 00,001,734 | ---- | C] ()
IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2008/06/27 00:32:18 | 06,425,726 | -H-- | C] ()
sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2008/05/19 13:12:13 | 00,717,296 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2008/03/16 21:56:39 | 00,765,952 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2008/03/16 21:56:39 | 00,180,224 | ---- | C] ()
qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2008/02/21 03:05:44 | 03,596,288 | ---- | C] ()
dtu100.dll.manifest -> C:\WINDOWS\System32\dtu100.dll.manifest -> [2008/02/21 03:04:16 | 00,000,416 | ---- | C] ()
dpl100.dll.manifest -> C:\WINDOWS\System32\dpl100.dll.manifest -> [2008/02/21 03:04:16 | 00,000,416 | ---- | C] ()
DivXWMPExtType.dll -> C:\WINDOWS\System32\DivXWMPExtType.dll -> [2008/02/21 03:03:24 | 00,012,288 | ---- | C] ()
QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2008/01/23 19:05:45 | 00,001,755 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/01/08 18:57:06 | 00,017,408 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007/12/15 20:57:58 | 00,000,376 | ---- | C] ()
desktop.ini -> C:\Documents and Settings\Administrator\Application Data\desktop.ini -> [2007/12/15 20:51:36 | 00,000,062 | -HS- | C] ()
RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2007/12/15 13:23:03 | 00,135,168 | ---- | C] ()
igfxCoIn_v4704.dll -> C:\WINDOWS\System32\igfxCoIn_v4704.dll -> [2007/12/15 13:20:04 | 00,200,704 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2007/12/15 13:15:27 | 00,043,920 | ---- | C] ()
desktop.ini -> C:\Documents and Settings\All Users\Application Data\desktop.ini -> [2007/12/15 11:54:59 | 00,000,062 | -HS- | C] ()
BFAIFILT.SYS -> C:\WINDOWS\System32\drivers\BFAIFILT.SYS -> [2004/07/13 05:49:00 | 00,003,264 | ---- | C] ()
AIFILT.SYS -> C:\WINDOWS\System32\drivers\AIFILT.SYS -> [2004/05/28 03:43:00 | 00,003,264 | ---- | C] ()
OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 16:05:08 | 00,002,695 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2001/08/23 13:00:00 | 00,000,650 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2001/08/23 13:00:00 | 00,000,231 | ---- | C] ()
 
[File - Lop Check]
< End of report >

  • 0

#8
NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
I was pretty sure I added this to the OTS fix I gave you earlier, but it seems it's not there now. Please do the following:

STEP 1

Run OTS

  • Under the Paste Fix Here box on the right, paste in the following

    [Kill All Processes]
    [Registry - Safe List]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "alg.exe" -> C:\WINDOWS\system\alg.exe [C:\WINDOWS\system\alg.exe]
    [Custom Items]
    :clearrestorepoints
    :end
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • This will create a log in C:\_OTS\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste the contents of that file here.


STEP 2

Updating Internet Explorer will probably solve any problems you are experiencing if they are not related to malware. I need you to update Internet Explorer to IE8. Even if you don't use it, we need to have it updated as its components are deeply connected with Windows itself.

Please go here to download the installer:

http://www.microsoft.com/windows/internet-explorer/


STEP 3

We're also going to run an online scanner to look for anything else we may have missed. The online scanner uses Java, so I will need you to download and install the latest version for that as well.

Please go here to download the installer:

http://java.com/en/download/index.jsp



STEP 4

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.



2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.


The program will then begin downloading and installing and will also update the database.


Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.


STEP 5

Run OTS again and click on the Quick Scan button at the top. Attach the results of this scan in your next reply.

Edited by NeonFx, 14 October 2009 - 05:03 PM.


#9
dom11

OTS -

All Processes Killed
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\alg.exe deleted successfully.
[Custom Items]
:clearrestorepoints
Restorepoints cleared and new one set!
< End of fix log >
OTS by OldTimer - Version 3.0.21.0 fix logfile created on 10152009_001125


Kaspersky -

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 15, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, October 15, 2009 02:25:14
Records in database: 2988137
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 69246
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:23:17


File name / Threat / Threats count
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\ready for war mayweather (best quality).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

Selected area has been scanned.


OTS Quick -

OTS logfile created on: 15/10/2009 11:27:09 - Run 4
OTS by OldTimer - Version 3.0.21.0	 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
509.42 Mb Total Physical Memory | 169.28 Mb Available Physical Memory | 33.23% Memory free
1.22 Gb Paging File | 0.72 Gb Available in Paging File | 59.08% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 37.90 Gb Free Space | 49.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DOM
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Quick Scan
 
[Processes - Safe List]
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/29 21:26:33 | 01,028,432 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/09/29 21:26:34 | 00,520,024 | ---- | M] (Lavasoft)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/08/18 23:00:12 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/08/18 23:00:12 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/10/06 09:24:30 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/18 23:00:02 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
daemon.exe -> C:\Program Files\DAEMON Tools Lite\daemon.exe -> [2008/04/01 10:39:48 | 00,486,856 | ---- | M] (DT Soft Ltd)
dpupdchk.exe -> C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe -> [2007/08/31 20:16:47 | 00,357,800 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
hkcmd.exe -> C:\WINDOWS\System32\hkcmd.exe -> [2006/10/06 12:13:28 | 00,114,688 | ---- | M] (Intel Corporation)
igfxpers.exe -> C:\WINDOWS\System32\igfxpers.exe -> [2006/10/06 12:10:06 | 00,094,208 | ---- | M] (Intel Corporation)
igfxtray.exe -> C:\WINDOWS\System32\igfxtray.exe -> [2006/10/06 12:11:10 | 00,098,304 | ---- | M] (Intel Corporation)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
ipoint.exe -> C:\Program Files\Microsoft IntelliPoint\ipoint.exe -> [2007/08/31 20:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
itype.exe -> C:\Program Files\Microsoft IntelliType Pro\itype.exe -> [2007/08/31 20:13:41 | 00,988,584 | ---- | M] (Microsoft Corporation)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/15 01:09:50 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/10/15 01:09:50 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
khost.exe -> C:\Program Files\Kontiki\KHost.exe -> [2007/04/23 11:23:14 | 01,032,640 | ---- | M] (Kontiki Inc.)
kservice.exe -> C:\Program Files\Kontiki\KService.exe -> [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/10/13 12:03:03 | 00,520,192 | ---- | M] (OldTimer Tools)
rthdcpl.exe -> C:\WINDOWS\RTHDCPL.EXE -> [2006/06/28 23:54:52 | 16,248,320 | ---- | M] (Realtek Semiconductor Corp.)
searchprotection.exe -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe -> [2009/02/23 14:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
unsecapp.exe -> C:\WINDOWS\System32\wbem\unsecapp.exe -> [2001/08/23 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation)
wlcomm.exe -> C:\Program Files\Windows Live\Contacts\wlcomm.exe -> [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/02/06 17:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation)
wscntfy.exe -> C:\WINDOWS\System32\wscntfy.exe -> [2004/08/04 01:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 21:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
 
[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/18 23:00:02 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(gupdate) Google Update Service (gupdate) [Win32_Own | Auto | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2009/08/20 19:42:02 | 00,133,104 | ---- | M] (Google Inc.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/04 01:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/15 01:09:50 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(KService) KService [Win32_Own | Auto | Running] -> C:\Program Files\Kontiki\KService.exe -> [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/09/29 21:26:33 | 01,028,432 | ---- | M] (Lavasoft)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(YahooAUService) Yahoo! Updater [Win32_Own | Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 21:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/31 03:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\z91w8oyk.default\prefs.js -> 
browser.search.defaultenginename -> "Google" ->
browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 ->
extensions.enabledItems -> avg@igeared:2.609.002.003 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\z91w8oyk.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/08/15 11:43:21 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/08/18 23:00:02 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED [C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED] -> [2009/10/06 23:03:33 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/10/15 01:09:50 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/10/07 20:09:08 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/10/15 01:10:06 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions -> [2008/08/29 19:10:33 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/08/29 19:10:33 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z91w8oyk.default\extensions -> [2009/10/15 05:19:32 | 00,097,856 | ---- | M] ()
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z91w8oyk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/10/15 05:19:32 | 00,097,856 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} -> [2009/09/16 20:49:45 | 09,767,928 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/10/07 20:09:08 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/09/16 20:49:40 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/09/16 20:49:41 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/10/15 01:10:06 | 00,000,000 | ---D | M]
np32dsw.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np32dsw.dll -> [2008/06/17 16:12:42 | 00,114,688 | ---- | M] (Adobe Systems, Inc.)
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/10/15 01:09:50 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
npJoostPlugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npJoostPlugin.dll -> [2007/11/29 11:00:52 | 00,066,208 | ---- | M] (Joost Technologies B.V. )
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/09/16 20:49:42 | 00,065,528 | ---- | M] (mozilla.org)
NPOFFICE.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFFICE.DLL -> [2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.)
nppl3260.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppl3260.dll -> [2008/06/26 23:39:42 | 00,144,984 | ---- | M] (RealNetworks, Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2008/12/24 13:57:15 | 00,143,360 | ---- | M] (Apple Inc.)
nprjplug.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nprjplug.dll -> [2008/06/26 23:39:49 | 00,008,192 | ---- | M] (RealNetworks, Inc.)
nprpjplug.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nprpjplug.dll -> [2008/06/26 23:39:41 | 00,094,208 | ---- | M] (RealNetworks, Inc.)
nsIQTScriptablePlugin.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nsIQTScriptablePlugin.xpt -> [2008/01/04 19:49:30 | 00,002,394 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2008/12/24 13:57:15 | 00,004,208 | ---- | M] ()
ShockwavePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ShockwavePlugin.cla -> [2008/06/17 15:23:18 | 00,001,144 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/08/18 23:01:09 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2008/11/17 00:21:07 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2008/11/17 00:21:07 | 00,002,193 | ---- | M] ()
avg_igeared.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\avg_igeared.xml -> [2009/08/18 23:02:52 | 00,001,489 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2008/11/17 00:21:07 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2008/11/17 00:21:07 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/11/17 00:21:07 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2008/11/17 00:21:07 | 00,001,178 | ---- | M] ()
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2009/07/31 03:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/08/18 23:00:13 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/15 01:09:50 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/10/15 01:09:50 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2009/07/31 03:44:02 | 00,159,472 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/31 03:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/09/02 11:58:12 | 01,107,200 | ---- | M] ()
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/31 03:44:14 | 00,909,040 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"4oD" -> C:\Program Files\Kontiki\KHost.exe ["C:\Program Files\Kontiki\KHost.exe" -all] -> [2007/04/23 11:23:14 | 01,032,640 | ---- | M] (Kontiki Inc.)
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/04 03:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/10/06 09:24:30 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
"HotKeysCmds" -> C:\WINDOWS\System32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2006/10/06 12:13:28 | 00,114,688 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\WINDOWS\System32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2006/10/06 12:11:10 | 00,098,304 | ---- | M] (Intel Corporation)
"IntelliPoint" -> C:\Program Files\Microsoft IntelliPoint\ipoint.exe ["C:\Program Files\Microsoft IntelliPoint\ipoint.exe"] -> [2007/08/31 20:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
"itype" -> C:\Program Files\Microsoft IntelliType Pro\itype.exe ["C:\Program Files\Microsoft IntelliType Pro\itype.exe"] -> [2007/08/31 20:13:41 | 00,988,584 | ---- | M] (Microsoft Corporation)
"Persistence" -> C:\WINDOWS\System32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2006/10/06 12:10:06 | 00,094,208 | ---- | M] (Intel Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/11/04 11:30:50 | 00,413,696 | ---- | M] (Apple Inc.)
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2006/06/28 23:54:52 | 16,248,320 | ---- | M] (Realtek Semiconductor Corp.)
"SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2006/05/17 03:04:26 | 02,879,488 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/10/15 01:09:50 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2009/02/23 14:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DAEMON Tools Lite" -> C:\Program Files\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> [2008/04/01 10:39:48 | 00,486,856 | ---- | M] (DT Soft Ltd)
"kdx" -> C:\Program Files\Kontiki\KHost.exe [C:\Program Files\Kontiki\KHost.exe -all] -> [2007/04/23 11:23:14 | 01,032,640 | ---- | M] (Kontiki Inc.)
"MsnMsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"Search Protection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2009/02/23 14:05:34 | 00,111,856 | ---- | M] (Yahoo! Inc)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2009/04/21 22:43:04 | 10,351,936 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab [MSN Photo Upload Tool] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5B8136CC-1304-4CD1-8B5B-A26C2544D0FE}\\DhcpNameServer -> 192.168.2.1   (BUFFALO WLI-U2-KG54L Wireless LAN Adapter) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/08/18 23:00:59 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2006/10/06 12:09:04 | 00,155,648 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 01:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 01:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\DeusEx\System\DeusEx.exe" -> C:\DeusEx\System\DeusEx.exe [C:\DeusEx\System\DeusEx.exe:*:Enabled:DeusEx] -> [2008/03/24 16:02:34 | 00,253,952 | ---- | M] ()
"C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/08/18 23:00:12 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/10/07 19:56:55 | 01,142,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 14:20:48 | 14,294,824 | ---- | M] (Apple Inc.)
"C:\Program Files\Joost\xulrunner\tvprunner.exe" -> C:\Program Files\Joost\xulrunner\tvprunner.exe [C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner] -> [2007/11/29 11:01:26 | 02,560,672 | ---- | M] (Joost Technologies B.V.)
"C:\Program Files\Kontiki\KService.exe" -> C:\Program Files\Kontiki\KService.exe [C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service] -> [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2008/04/18 20:21:09 | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2009/09/16 20:49:41 | 00,307,704 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/05/30 15:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" -> C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe [C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008] -> [2007/09/26 17:36:59 | 38,765,824 | ---- | M] (Sports Interactive)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/12/15 20:21:24 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
 
 
[Files/Folders - Created Within 14 Days]
Kontiki -> C:\Documents and Settings\All Users\Application Data\Kontiki -> [2009/10/15 11:28:02 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Administrator\Application Data -> [2009/10/14 15:27:11 | 00,000,000 | -H-D | M]
Microsoft -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft -> [2009/10/15 00:59:05 | 00,000,000 | ---D | M]
Internet Explorer -> C:\Program Files\Internet Explorer -> [2009/10/15 00:58:42 | 00,000,000 | ---D | M]
Java -> C:\Program Files\Java -> [2009/10/15 01:09:45 | 00,000,000 | ---D | M]
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/10/14 11:35:55 | 00,000,000 | ---D | M]
Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2009/10/15 11:23:09 | 00,000,000 | ---D | M]
Trend Micro -> C:\Program Files\Trend Micro -> [2009/10/12 18:53:37 | 00,000,000 | ---D | M]
PrivacIE -> C:\Documents and Settings\Administrator\PrivacIE -> [2009/10/15 01:00:55 | 00,000,000 | -HSD | C]
IETldCache -> C:\Documents and Settings\Administrator\IETldCache -> [2009/10/15 00:58:50 | 00,000,000 | -HSD | C]
ie8updates -> C:\WINDOWS\ie8updates -> [2009/10/15 00:55:32 | 00,000,000 | ---D | C]
WBEM -> C:\WINDOWS\WBEM -> [2009/10/15 00:52:21 | 00,000,000 | ---D | C]
ie8 -> C:\WINDOWS\ie8 -> [2009/10/15 00:51:04 | 00,000,000 | -H-D | C]
My Documents -> C:\Documents and Settings\Administrator\Desktop\My Documents -> [2009/10/14 15:27:40 | 00,000,000 | ---D | C]
tod-demo-zip.exe -> C:\Documents and Settings\Administrator\Desktop\tod-demo-zip.exe -> [2009/10/14 15:26:26 | 00,364,064 | ---- | C] (Digital River)
_OTS -> C:\_OTS -> [2009/10/14 11:13:23 | 00,000,000 | ---D | C]
RootRepeal.exe -> C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> [2009/10/13 12:04:37 | 00,472,064 | ---- | C] ( )
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/10/13 12:02:54 | 00,520,192 | ---- | C] (OldTimer Tools)
HijackThisInstaller.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThisInstaller.exe -> [2009/10/12 18:52:54 | 00,812,344 | ---- | C] (Trend Micro Inc.)
HijackThis.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis.exe -> [2009/10/12 18:52:18 | 00,401,720 | ---- | C] (Trend Micro Inc.)
 
[Files/Folders - Modified Within 14 Days]
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2009/10/15 11:22:33 | 00,027,506 | ---- | M] ()
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2009/10/15 11:22:32 | 42,879,815 | ---- | M] ()
WGASetup.job -> C:\WINDOWS\tasks\WGASetup.job -> [2009/10/15 11:20:34 | 00,000,260 | ---- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Administrator\NTUSER.DAT -> [2009/10/15 11:19:01 | 04,194,304 | -H-- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2009/10/15 11:18:56 | 00,000,896 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/10/15 11:18:56 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/10/15 11:18:53 | 00,002,048 | --S- | M] ()
ntuser.ini -> C:\Documents and Settings\Administrator\ntuser.ini -> [2009/10/15 05:20:38 | 00,000,278 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2009/10/15 05:20:13 | 06,429,162 | -H-- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2009/10/15 04:47:04 | 00,000,900 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/10/15 01:08:08 | 00,002,206 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/10/15 00:55:52 | 00,001,393 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/10/15 00:21:16 | 00,492,536 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/10/15 00:21:16 | 00,435,396 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/10/15 00:21:16 | 00,068,292 | ---- | M] ()
tod-demo-zip.exe -> C:\Documents and Settings\Administrator\Desktop\tod-demo-zip.exe -> [2009/10/14 15:26:26 | 00,364,064 | ---- | M] (Digital River)
MXf691.html -> C:\WINDOWS\System\MXf691.html -> [2009/10/14 11:58:40 | 00,000,528 | ---- | M] ()
settings.dat -> C:\Documents and Settings\Administrator\Desktop\settings.dat -> [2009/10/13 12:42:25 | 00,000,000 | ---- | M] ()
RootRepeal.exe -> C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe -> [2009/10/13 12:04:43 | 00,472,064 | ---- | M] ( )
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/10/13 12:03:03 | 00,520,192 | ---- | M] (OldTimer Tools)
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/10/12 21:28:59 | 00,000,472 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009/10/12 20:30:02 | 00,000,284 | ---- | M] ()
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2009/10/12 18:53:39 | 00,001,734 | ---- | M] ()
HijackThisInstaller.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThisInstaller.exe -> [2009/10/12 18:52:58 | 00,812,344 | ---- | M] (Trend Micro Inc.)
HijackThis.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis.exe -> [2009/10/12 18:52:18 | 00,401,720 | ---- | M] (Trend Micro Inc.)
miniavi.avg -> C:\WINDOWS\System32\drivers\Avg\miniavi.avg -> [2009/10/01 22:55:38 | 00,492,629 | ---- | M] ()
 
[Files - No Company Name]
MXf691.html -> C:\WINDOWS\System\MXf691.html -> [2009/10/14 11:58:40 | 00,000,528 | ---- | C] ()
settings.dat -> C:\Documents and Settings\Administrator\Desktop\settings.dat -> [2009/10/13 12:42:25 | 00,000,000 | ---- | C] ()
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2009/10/12 18:53:39 | 00,001,734 | ---- | C] ()
IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2008/06/27 00:32:18 | 06,429,162 | -H-- | C] ()
sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2008/05/19 13:12:13 | 00,717,296 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2008/03/16 21:56:39 | 00,765,952 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2008/03/16 21:56:39 | 00,180,224 | ---- | C] ()
qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2008/02/21 03:05:44 | 03,596,288 | ---- | C] ()
dtu100.dll.manifest -> C:\WINDOWS\System32\dtu100.dll.manifest -> [2008/02/21 03:04:16 | 00,000,416 | ---- | C] ()
dpl100.dll.manifest -> C:\WINDOWS\System32\dpl100.dll.manifest -> [2008/02/21 03:04:16 | 00,000,416 | ---- | C] ()
DivXWMPExtType.dll -> C:\WINDOWS\System32\DivXWMPExtType.dll -> [2008/02/21 03:03:24 | 00,012,288 | ---- | C] ()
QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2008/01/23 19:05:45 | 00,001,755 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/01/08 18:57:06 | 00,017,408 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007/12/15 20:57:58 | 00,000,376 | ---- | C] ()
desktop.ini -> C:\Documents and Settings\Administrator\Application Data\desktop.ini -> [2007/12/15 20:51:36 | 00,000,062 | -HS- | C] ()
RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2007/12/15 13:23:03 | 00,135,168 | ---- | C] ()
igfxCoIn_v4704.dll -> C:\WINDOWS\System32\igfxCoIn_v4704.dll -> [2007/12/15 13:20:04 | 00,200,704 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2007/12/15 13:15:27 | 00,043,920 | ---- | C] ()
desktop.ini -> C:\Documents and Settings\All Users\Application Data\desktop.ini -> [2007/12/15 11:54:59 | 00,000,062 | -HS- | C] ()
BFAIFILT.SYS -> C:\WINDOWS\System32\drivers\BFAIFILT.SYS -> [2004/07/13 05:49:00 | 00,003,264 | ---- | C] ()
AIFILT.SYS -> C:\WINDOWS\System32\drivers\AIFILT.SYS -> [2004/05/28 03:43:00 | 00,003,264 | ---- | C] ()
OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 16:05:08 | 00,002,695 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2001/08/23 13:00:00 | 00,000,650 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2001/08/23 13:00:00 | 00,000,231 | ---- | C] ()
 
[File - Lop Check]
< End of report >


Thanks again
  • 0

#10
NeonFx


    Malware Removal Dude

  • Expert
  • 3,798 posts
You should be wary about downloading stuff illegally off of P2P networks like Limewire. It happens that more often than not these files will be infected, and it's the most common reason we see people asking for help here.

See HERE and HERE for more information on that specific infection.

To delete the file safely:

Run OTS

  • Under the Paste Fix Here box on the right, paste in the following

    [Kill All Processes]
    [Custom Items]
    :files
    C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\ready for war mayweather (best quality).mp3
    :end
    [Start Explorer]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • This will create a log in C:\_OTS\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste the contents of that file here.



============


What problems are you still experiencing?

Let's do the following to update your version of Windows: (It might take a couple of hours to download and install, but having the latest updates installed on your system is the single most important thing you can do to keep your system safe)

Go HERE and click on the Download button to download XP's Service Pack 3.

Before double clicking on the download to install it, you will want to make sure to disable your security programs (which in your case are AVG and Ad-Aware). We don't want these to interfere with the installation process.

Your computer should take care of everything, and reboot itself a couple of times before it's done. Once it's done, try your computer out for a while and let me know how your computer is running.

Edited by NeonFx, 15 October 2009 - 12:13 PM.

  • 0

#11
dom11


    New Member

  • Topic Starter
  • Member
  • 7 posts
Hey

OTS -

All Processes Killed
[Custom Items]
========== FILES ==========
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\ready for war mayweather (best quality).mp3 moved successfully.
< End of fix log >
OTS by OldTimer - Version 3.0.21.0 fix logfile created on 10152009_224523



I've installed the Windows update. The error messages appear to have stopped and AVG isn't detecting anything either. The computer still seems sluggish, especially on start up. Once it gets going it seems alright though. Thanks again
  • 0

#12
NeonFx


    Malware Removal Dude

  • Expert
  • 3,798 posts
I'm glad to hear that solved that problem. Your system is now clean.

If you need advice on speeding your computer up check out this great article written up by a friend of mine: Maintaining your Machine

Let's cleanup.

STEP 1
To clean up OldTimer's tools, along with a few others, do the following:


  • Run OTS.exe by double clicking on it
  • Click on the "CleanUp" button on the top.
  • You will be asked if you wish to reboot your system, select "Yes"



STEP 2

Remove any other tools or files we used by right-clicking on them or any folders they created, holding down the Shift key, and selecting "Delete" by clicking on it. This will delete the files without sending them to the Recycle Bin.


All Clean

Congratulations! Your system is now clean. Now that your system is safe we would like you to keep it that way. Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates


Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlockList Pro's HOSTS Manager HERE


  • Double click the Installer on your desktop and let it Install the Hosts Manager
  • After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the other Hosts Switch icon from your desktop)
  • When the Hosts Manager comes up, click the small down arrows on the right side of the bar labeled Options and Tools,
  • Click Disable DNS Service. This is important
  • In the Left Pane, click Download
  • It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save


You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.
If you have a separate party firewall or WinPatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Install WinPatrol
Download it HERE
You can find information about how WinPatrol works HERE

Other Software Updates
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for Java and Adobe as these are subject to many security vulnerabilities.

Setting up Automatic Updates
So that it is not necessary to have to remember to update your computer regularly (something very important to securing your system), automatic updates should be configured on your computer. Microsoft has guides for XP and Vista on how to do this.

Read further information HERE on how to prevent Malware infections and keep yourself clean.
  • 0
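The HOSTS-file blocking described in the post above can be checked after a blocklist is installed. The following is an added example, not part of the original post or of any tool it names: it parses HOSTS-format text, lists the names pointed at the local machine, and goes one step beyond the post by also flagging names mapped to a non-local address and any entry that touches a watchlist of domains you rely on. All function names, the sample file and the `vendor.example` watchlist are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Entry = namedtuple("Entry", "lineno address hostname kind")

# Names that normally map to the local machine on a stock system.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample input (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.badsite.example tracker.badsite.example  # blocked
0.0.0.0         malware.example
203.0.113.7     update.vendor.example   # points at a foreign address
127.0.0.1       av.vendor.example
not-an-ip       broken.example
::1             localhost
"""


def classify_address(text):
    """'sink' for loopback/unspecified addresses, 'redirect' for any
    other valid IP, None when the field is not an IP address."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None
    return "sink" if (ip.is_loopback or ip.is_unspecified) else "redirect"


def parse_hosts(text):
    """Return (entries, malformed) for HOSTS-format text."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        kind = classify_address(fields[0])
        if kind is None or len(fields) < 2:
            malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:                  # one line may carry several names
            name = name.lower().rstrip(".")
            name_kind = "local" if kind == "sink" and name in LOCAL_NAMES else kind
            entries.append(Entry(lineno, fields[0], name, name_kind))
    return entries, malformed


def audit_hosts(text, protected=()):
    """Summarise what a HOSTS file does to name resolution.

    protected: domains (update servers, security vendors) that should
    never be overridden; any entry for them or a subdomain is reported.
    """
    entries, malformed = parse_hosts(text)
    watch = [p.lower() for p in protected]

    def is_protected(name):
        return any(name == p or name.endswith("." + p) for p in watch)

    return {
        "blocked": sorted({e.hostname for e in entries if e.kind == "sink"}),
        "redirects": [e for e in entries if e.kind == "redirect"],
        "protected_hits": [e for e in entries
                           if e.kind != "local" and is_protected(e.hostname)],
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS, protected=["vendor.example"])
    for key, value in report.items():
        print(key, "->", value)
```

On Windows XP the file to feed it is `C:\WINDOWS\system32\drivers\etc\hosts`; a downloaded blocklist should produce only "blocked" entries, so anything under "redirects" or "protected_hits" deserves a manual look.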

#13
dom11


    New Member

  • Topic Starter
  • Member
  • 7 posts
I'll work through all the advice. You've been brilliant. Thanks again
  • 0

#14
NeonFx


    Malware Removal Dude

  • Expert
  • 3,798 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





