Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

strange things in hijack this log

Started by jp575 , Oct 23 2009 08:44 PM

  • Please log in to reply

#1
jp575
Posted 23 October 2009 - 08:44 PM

jp575

    Member

  • Member
  • PipPip
  • 58 posts
Hello, I've seen a few entries in my hijack this log that werent there before, and im wondering if you all could take a look at it to see if its clean. Thanks guys...heres the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:07 PM, on 10/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Intel\IDU\awtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\FarStone\GameDrive\GDP\GDTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [GameDrive] "C:\Program Files\FarStone\GameDrive\GDP\GDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Steam] "i:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RGSC] J:\RockstarGames\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158802693078
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9bc88f715e070) (gupdate1c9bc88f715e070) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10550 bytes
  • 0

Advertisements

#2
chamber
Posted 03 November 2009 - 04:53 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  • 0

#3
jp575
Posted 05 November 2009 - 01:45 PM

jp575

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
thanks for the help..
heres OTL.txt

OTL logfile created on: 11/5/2009 11:42:06 AM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Jake\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 6.82 Gb Free Space | 8.73% Space Free | Partition Type: NTFS
Drive D: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 677.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 154.76 Gb Total Space | 8.98 Gb Free Space | 5.81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 232.88 Gb Total Space | 6.09 Gb Free Space | 2.62% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 15.32 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 425.54 Gb Free Space | 91.36% Space Free | Partition Type: NTFS

Computer Name: HAL
Current User Name: Jake
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jake\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - I:\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
PRC - C:\Program Files\AIM\aim.exe (America Online, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\FarStone\GameDrive\GDP\gdtask.exe (FarStone Technology Inc.)
PRC - C:\Program Files\Intel\IDU\IDUServ.exe (OSA Technologies, Inc.)
PRC - C:\Program Files\Intel\IDU\iptray.exe (OSA Technologies Inc., An Avocent Company)
PRC - C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
PRC - C:\Program Files\Intel\IDU\awtray.exe (OSA Technologies Inc., An Avocent Company)
PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (U.S. Robotics Corporation)
PRC - C:\WINDOWS\system32\wltray.exe (U.S. Robotics Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jake\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ekrn) -- File not found
SRV - (EhttpSrv) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (NACAgent) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)
SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (gupdate1c9bc88f715e070) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (iHCService) -- C:\Program Files\Intel\IDU\IDUServ.exe (OSA Technologies, Inc.)
SRV - (Diskeeper) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (wltrysvc) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091027.025\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091027.025\NAVENG.SYS (Symantec Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SysPlant) -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (MSTAPE) -- C:\WINDOWS\system32\drivers\mstape.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\WINDOWS\system32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (AegisP) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (SIODRV) -- C:\WINDOWS\system32\drivers\SIODRV.SYS (Intel Corporation)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (e1express) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (FGDSCSI) -- C:\WINDOWS\system32\drivers\fgdscsi.sys (FarStone Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (smbusp) -- C:\WINDOWS\system32\drivers\intelsmb.sys (Intel Corporation)
DRV - (rt2500usb) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (Avocent/OSA Technologies Inc.)
DRV - (sfdrv01) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (UBHelper) -- C:\WINDOWS\system32\drivers\UBHelper.sys ()
DRV - (sfsync02) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (SMBios) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
DRV - (fgdxbus) -- C:\WINDOWS\system32\drivers\fgdxbus.sys (FarStone Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2....en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:0.5.9
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/04 19:04:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 00:13:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/05 00:45:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 13:01:10 | 00,000,000 | ---D | M]

[2009/01/08 20:58:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Mozilla\Extensions
[2009/01/08 20:58:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/04 11:57:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\30f1p7u1.default\extensions
[2009/09/02 10:23:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\30f1p7u1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/04 00:27:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\30f1p7u1.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/10/23 13:31:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\30f1p7u1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/05 18:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\30f1p7u1.default\extensions\[email protected]
[2009/06/10 16:54:47 | 00,004,207 | ---- | M] () -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\Profiles\30f1p7u1.default\searchplugins\aim-search.xml
[2009/01/08 20:56:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/29 13:01:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/08 20:41:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009/01/08 20:41:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/01/08 20:41:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/01/08 20:41:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/01/08 20:41:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/08 20:41:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/10/29 13:01:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 13:01:01 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2008/12/04 19:04:55 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/07/09 11:05:52 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2007/07/09 11:06:12 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2008/09/26 08:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2006/10/30 11:47:52 | 01,380,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/10/29 13:01:04 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/22 15:49:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/22 15:49:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/22 15:49:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/22 15:49:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/22 15:49:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/22 15:49:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/22 15:49:25 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 09:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/10/29 13:01:08 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/29 13:01:08 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/29 13:01:08 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/29 13:01:08 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/29 13:01:08 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/29 13:01:08 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/29 13:01:08 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (WinWSD Toolbar Helper) - {AFC482CE-DC40-497A-AE10-681C072F6F6A} - C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (WinWSD Toolbar) - {F1273B21-0B77-4481-BFB9-0A3C399BE3FE} - C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WinWSD Toolbar) - {F1273B21-0B77-4481-BFB9-0A3C399BE3FE} - C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [awTray.exe] C:\Program Files\Intel\IDU\awtray.exe (OSA Technologies Inc., An Avocent Company)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [GameDrive] C:\Program Files\FarStone\GameDrive\GDP\GDTask.exe (FarStone Technology Inc.)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files\Intel\IDU\iptray.exe (OSA Technologies Inc., An Avocent Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (U.S. Robotics Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] i:\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeText =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeCaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1158802693078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.65.16.254 129.65.21.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/03 15:52:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/15 01:52:50 | 00,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/11 09:03:48 | 00,000,054 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2006/05/18 12:52:21 | 04,386,816 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/18 12:52:21 | 00,000,047 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/05/18 12:47:10 | 00,000,000 | R--D | M] - E:\autorun -- [ CDFS ]
O33 - MountPoints2\{577b753c-0af8-11db-8de5-001676879543}\Shell - "" = AutoRun
O33 - MountPoints2\{577b753c-0af8-11db-8de5-001676879543}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{577b753c-0af8-11db-8de5-001676879543}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2006/05/18 12:52:21 | 04,386,816 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/07/03 23:27:07 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: RGSC - hkey= - key= - J:\RockstarGames\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2AF9327-5E41-6AB1-12A1-2B5B14123742} - DirectAnimation
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CB86EC62-CEA7-4C82-9EBA-B7A5E410E54C} - Yahoo! YPSR Engine
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2009/11/05 11:36:30 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jake\Desktop\OTL.exe
[2009/11/01 03:44:02 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jake\Recent
[2009/10/31 18:10:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jake\Local Settings\Application Data\Temp
[2009/10/30 13:51:41 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/28 12:03:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jake\My Documents\History 100
[2009/10/28 10:22:13 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/10/26 17:43:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jake\My Documents\azevedo's site
[2009/10/26 17:41:52 | 00,227,052 | ---- | C] (Attila Keszi) -- C:\WINDOWS\WinWSD_Toolbar_Uninstaller_4562.exe
[2009/10/26 17:41:52 | 00,000,000 | ---D | C] -- C:\Program Files\WinWSD Toolbar
[2009/10/26 17:41:50 | 00,000,000 | ---D | C] -- C:\Program Files\WebSite Downloader for Windows
[2009/10/23 21:18:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\LMI180.tmp
[2009/10/23 21:14:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\LMI17F.tmp
[2009/10/23 21:14:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\LMI17E.tmp
[2009/10/23 21:13:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\LMI17D.tmp
[2009/10/23 20:53:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jake\Local Settings\Application Data\ICS
[2009/10/23 13:51:07 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/10/23 13:47:05 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/23 11:26:53 | 00,123,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/23 11:26:53 | 00,060,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/18 21:16:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jake\Desktop\Project64 1.6
[2009/10/12 22:34:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/10/12 22:32:41 | 00,000,000 | ---D | C] -- C:\Program Files\DriverTest_demo
[2009/10/12 20:28:19 | 00,000,000 | ---D | C] -- C:\ATI
[2009/10/12 18:04:32 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2009/10/12 18:01:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jake\Application Data\Download Manager
[2009/10/10 12:05:00 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/10 12:04:57 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/10 12:04:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/10 09:29:19 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2006/02/19 03:28:56 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\Jake\My Documents\*.tmp files -> C:\Documents and Settings\Jake\My Documents\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/05 11:36:30 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jake\Desktop\OTL.exe
[2009/11/05 11:15:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/05 11:01:14 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Jake\My Documents\money tree speech.doc
[2009/11/05 08:19:27 | 00,366,247 | ---- | M] () -- C:\Documents and Settings\Jake\Desktop\Money Tree.jpg
[2009/11/05 05:58:43 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/05 05:58:19 | 00,013,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/05 05:58:06 | 00,037,008 | ---- | M] () -- C:\Documents and Settings\Jake\UpdateLog.GDZ
[2009/11/05 05:58:02 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/05 05:57:48 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/05 05:57:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/05 05:56:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/05 01:17:30 | 08,912,896 | ---- | M] () -- C:\Documents and Settings\Jake\ntuser.dat
[2009/11/05 01:17:30 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jake\ntuser.ini
[2009/11/01 20:04:44 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Jake\My Documents\movies.doc
[2009/11/01 10:57:03 | 00,521,444 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 10:57:03 | 00,441,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 10:57:03 | 00,071,206 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/30 16:15:00 | 00,000,374 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/10/30 13:51:38 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/29 12:58:45 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/29 10:28:34 | 00,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/28 20:21:25 | 00,035,008 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/28 18:45:44 | 00,043,344 | ---- | M] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/27 21:04:51 | 00,002,993 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/10/27 20:56:05 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/27 01:13:34 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Jake\My Documents\This matters to me speech.doc
[2009/10/26 17:50:22 | 00,032,310 | ---- | M] () -- C:\Documents and Settings\Jake\Desktop\azevedo1.jpg
[2009/10/26 17:50:15 | 00,025,055 | ---- | M] () -- C:\Documents and Settings\Jake\Desktop\azevedo2.jpg
[2009/10/26 17:41:52 | 00,227,052 | ---- | M] (Attila Keszi) -- C:\WINDOWS\WinWSD_Toolbar_Uninstaller_4562.exe
[2009/10/26 17:41:50 | 00,000,824 | ---- | M] () -- C:\Documents and Settings\Jake\Desktop\WebSite Downloader for Windows.lnk
[2009/10/24 09:24:01 | 00,000,663 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/24 09:24:01 | 00,000,282 | -HS- | M] () -- C:\boot.ini
[2009/10/24 09:24:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/23 21:28:16 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Jake\My Documents\symantecremote.doc
[2009/10/23 18:42:01 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Jake\Desktop\HijackThis.lnk
[2009/10/23 13:47:04 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/23 13:26:20 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Jake\Desktop\CCleaner.lnk
[2009/10/23 13:14:44 | 00,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/23 13:13:08 | 02,113,574 | -H-- | M] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\IconCache.db
[2009/10/23 11:27:04 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/23 11:27:04 | 00,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/23 11:27:04 | 00,010,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/23 11:27:04 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/23 11:27:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/22 17:06:45 | 00,948,815 | ---- | M] () -- C:\Documents and Settings\Jake\Desktop\kanye pumpkin.jpg
[2009/10/22 16:44:38 | 00,159,483 | ---- | M] () -- C:\Documents and Settings\Jake\Desktop\kanye.png
[2009/10/18 15:15:39 | 00,002,013 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/10/15 00:09:14 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Jake\My Documents\tie dye take away.doc
[2009/10/14 20:18:29 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Jake\My Documents\tie dye.doc
[2009/10/14 09:38:55 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\Jake\My Documents\history 110 sources.doc
[2009/10/13 18:31:57 | 00,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2009/10/12 22:41:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/10/11 21:08:52 | 00,245,760 | ---- | M] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/10 09:30:32 | 00,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cisco NAC Agent.lnk
[2009/10/09 17:02:01 | 84,934,710 | ---- | M] () -- C:\Documents and Settings\Jake\Desktop\before NAC.bmp
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\Jake\My Documents\*.tmp files -> C:\Documents and Settings\Jake\My Documents\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/05 08:19:26 | 00,366,247 | ---- | C] () -- C:\Documents and Settings\Jake\Desktop\Money Tree.jpg
[2009/11/05 08:07:40 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Jake\My Documents\money tree speech.doc
[2009/10/29 12:58:45 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/27 21:04:50 | 00,002,993 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/10/27 21:02:25 | 08,912,896 | ---- | C] () -- C:\Documents and Settings\Jake\ntuser.dat
[2009/10/27 01:13:34 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Jake\My Documents\This matters to me speech.doc
[2009/10/26 17:50:22 | 00,032,310 | ---- | C] () -- C:\Documents and Settings\Jake\Desktop\azevedo1.jpg
[2009/10/26 17:50:15 | 00,025,055 | ---- | C] () -- C:\Documents and Settings\Jake\Desktop\azevedo2.jpg
[2009/10/26 17:41:50 | 00,000,824 | ---- | C] () -- C:\Documents and Settings\Jake\Desktop\WebSite Downloader for Windows.lnk
[2009/10/23 21:28:15 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Jake\My Documents\symantecremote.doc
[2009/10/23 14:05:01 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/23 13:51:44 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/23 13:47:04 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/23 11:26:53 | 00,010,563 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/23 11:26:53 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/22 17:01:48 | 00,948,815 | ---- | C] () -- C:\Documents and Settings\Jake\Desktop\kanye pumpkin.jpg
[2009/10/22 16:44:38 | 00,159,483 | ---- | C] () -- C:\Documents and Settings\Jake\Desktop\kanye.png
[2009/10/14 23:58:28 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Jake\My Documents\tie dye take away.doc
[2009/10/14 09:38:55 | 00,053,248 | ---- | C] () -- C:\Documents and Settings\Jake\My Documents\history 110 sources.doc
[2009/10/13 19:55:36 | 00,035,008 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/12 22:41:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/10/12 20:43:03 | 00,001,845 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cisco NAC Agent.lnk
[2009/10/10 15:40:33 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Jake\My Documents\tie dye.doc
[2009/10/09 17:01:51 | 84,934,710 | ---- | C] () -- C:\Documents and Settings\Jake\Desktop\before NAC.bmp
[2009/08/13 11:53:54 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/08/07 18:51:34 | 00,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/06/20 16:42:55 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/05/26 22:44:42 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2009/05/26 22:44:41 | 06,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2009/05/26 22:44:41 | 00,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2009/05/26 22:44:41 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/05/26 22:44:41 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/05/26 22:44:41 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2009/05/26 22:44:41 | 00,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2009/05/26 22:44:41 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2009/05/26 22:44:41 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2008/07/05 21:09:42 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/11/10 12:17:29 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Jake\Application Data\PnkBstrK.sys
[2007/08/25 21:34:18 | 00,139,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/07/09 11:07:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/09 11:05:28 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/04/29 15:33:04 | 00,038,680 | ---- | C] () -- C:\Documents and Settings\Jake\Application Data\GDIPFONTCACHEV1.DAT
[2007/04/02 17:18:28 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/18 00:22:08 | 02,113,574 | -H-- | C] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\IconCache.db
[2007/01/20 11:17:32 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/01/20 11:11:04 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/07 15:46:31 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\fusioncache.dat
[2007/01/06 13:04:12 | 00,003,106 | ---- | C] () -- C:\WINDOWS\System32\FSDataSvr.sys
[2006/11/13 16:19:36 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\Cylon.dll
[2006/11/13 16:19:36 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/13 16:19:36 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\usrnicvw.dll
[2006/11/13 16:18:29 | 00,000,095 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2006/09/12 17:57:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/21 10:07:54 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/08/21 10:07:54 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/08/21 10:07:54 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/08/21 10:07:54 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006/08/21 10:07:54 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006/08/20 16:06:36 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/08/20 16:06:36 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/08/14 11:09:49 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/08/02 10:32:19 | 00,004,097 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/08 18:19:58 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2006/07/07 11:21:07 | 00,245,760 | ---- | C] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/07 09:26:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2006/07/03 23:40:04 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/07/03 21:31:10 | 00,043,344 | ---- | C] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/07/03 17:01:40 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/03 17:01:40 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/03 17:01:40 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/03 17:01:40 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/03 17:01:40 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/03 17:01:40 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/03 17:01:08 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/07/03 15:59:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Jake\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/20 11:43:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/03/20 11:43:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/03/20 11:43:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/03/20 11:43:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/03/20 11:43:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/03/20 11:43:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/03/20 11:43:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/03/20 11:43:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/03/20 11:43:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004/12/17 16:14:44 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/04 04:00:00 | 00,000,663 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 04:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/02/04 03:05:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2003/09/18 09:03:12 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2003/09/03 12:49:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2003/08/15 02:52:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2003/07/29 02:19:24 | 00,006,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCdx.sys
[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 11:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2006/10/22 12:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2009/10/12 22:34:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/09/13 21:17:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2006/08/21 10:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2008/07/05 21:09:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2007/03/20 19:45:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SnapStream
[2008/01/27 13:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/06/10 16:54:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/30 19:06:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/22 21:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2008/12/21 14:35:26 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009/10/10 12:05:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/23 13:47:09 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/10/18 19:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Aim
[2008/12/03 16:30:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\ATI
[2009/01/11 11:24:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Bioshock
[2007/03/20 20:13:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\BitTorrent
[2009/01/27 20:44:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Canneverbe_Limited
[2008/05/31 15:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\CDBurnerXP_Soft
[2007/06/17 15:30:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Command & Conquer 3 Tiberium Wars
[2006/07/03 17:15:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\FarStone
[2008/08/01 09:56:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Greyfirst
[2007/08/19 00:00:52 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Jake\Application Data\ijjigame
[2006/11/18 10:14:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\InterTrust
[2006/12/12 16:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\InterVideo
[2006/07/10 09:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Opera
[2007/04/07 18:44:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Jake\Application Data\SecuROM
[2008/01/27 13:25:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\TuneUp Software
[2009/10/30 16:15:00 | 00,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2009/11/05 05:58:43 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/23 11:27:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/11/05 05:57:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions >
"[email protected]" = C:\Program Files\Java\jre6\lib\deploy\jqs\ff -- [2008/12/04 19:04:56 | 00,000,000 | ---D | M]
"{20a82645-c095-46ed-80e3-08825760534b}" = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ -- [2009/09/02 00:13:03 | 00,000,000 | ---D | M]

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >
  • 0

#4
jp575
Posted 05 November 2009 - 01:46 PM

jp575

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
heres extras.txt

OTL Extras logfile created on: 11/5/2009 11:42:06 AM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Jake\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 6.82 Gb Free Space | 8.73% Space Free | Partition Type: NTFS
Drive D: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 677.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 154.76 Gb Total Space | 8.98 Gb Free Space | 5.81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 232.88 Gb Total Space | 6.09 Gb Free Space | 2.62% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 15.32 Gb Free Space | 3.29% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 425.54 Gb Free Space | 91.36% Space Free | Partition Type: NTFS

Computer Name: HAL
Current User Name: Jake
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"9999:UDP" = 9999:UDP:*:Enabled:IDU Service UDP Port
"2804:TCP" = 2804:TCP:*:Enabled:IDU Service TCP Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3 -- (Ensemble Studios)
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe" = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas -- File not found
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe" = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater -- File not found
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Defcon\defcon.exe" = C:\Program Files\Defcon\defcon.exe:*:Enabled:Defcon -- File not found
"H:\Crysis\Bin32\Crysis.exe" = H:\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"H:\Crysis\Bin32\CrysisDedicatedServer.exe" = H:\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"H:\Call of Duty 4\iw3mp.exe" = H:\Call of Duty 4\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"I:\Farcry\Far Cry 2\bin\FarCry2.exe" = I:\Farcry\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"I:\Farcry\Far Cry 2\bin\FC2Launcher.exe" = I:\Farcry\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"I:\Farcry\Far Cry 2\bin\FC2Editor.exe" = I:\Farcry\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
"I:\call of duty world at war\CoDWaWmp.exe" = I:\call of duty world at war\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ -- (Activision Blizzard, Inc.)
"I:\call of duty world at war\CoDWaW.exe" = I:\call of duty world at war\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ -- (Activision Blizzard, Inc.)
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
"I:\Steam\steamapps\common\lost planet dx9 trial\LostPlanetDX9.exe" = I:\Steam\steamapps\common\lost planet dx9 trial\LostPlanetDX9.exe:*:Enabled:Lost Planet: Extreme Condition Trial -- (CAPCOM CO., LTD.)
"I:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe" = I:\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock -- ()
"I:\ARMA\arma.exe" = I:\ARMA\arma.exe:*:Enabled:ArmA -- (Bohemia Interactive)
"I:\Steam\steamapps\jpiccus\team fortress 2\hl2.exe" = I:\Steam\steamapps\jpiccus\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"I:\Steam\steamapps\common\tom clancy's h.a.w.x - demo\HAWX.exe" = I:\Steam\steamapps\common\tom clancy's h.a.w.x - demo\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X - Demo -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"I:\Steam\steamapps\common\oblivion\OblivionLauncher.exe" = I:\Steam\steamapps\common\oblivion\OblivionLauncher.exe:*:Enabled:Oblivion: Game of the Year Edition -- (Bethesda Softworks)
"I:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe" = I:\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:*:Enabled:Fallout 3 -- (Bethesda Softworks)
"J:\RockstarGames\Rockstar Games Social Club\RGSCLauncher.exe" = J:\RockstarGames\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"J:\RockstarGames\Grand Theft Auto IV\LaunchGTAIV.exe" = J:\RockstarGames\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"J:\RockstarGames\Grand Theft Auto IV\GTAIV.exe" = J:\RockstarGames\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"I:\Steam\steamapps\common\left 4 dead\left4dead.exe" = I:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"I:\Steam\steam.exe" = I:\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
"{049885D8-22B9-C209-A00C-E43A8E3F0B79}" = CCC Help Danish
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{072D42BE-96CD-FB75-A339-0ED0F76A9C61}" = Catalyst Control Center Localization Swedish
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1037CF8F-A226-A3BA-2D05-F34950395CB9}" = Catalyst Control Center Localization Chinese Standard
"{11B05D68-6054-4B2B-7776-A22592D837E8}" = Catalyst Control Center Localization German
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
"{1531DDE3-DD8B-C078-3CA2-4F278C8A7E6A}" = CCC Help Portuguese
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1A24A727-0470-7601-2370-233735A0E8EF}" = Catalyst Control Center Localization Norwegian
"{1AB88B2D-BA3B-FEC3-EDB1-6688CB217E2C}" = Catalyst Control Center Localization Czech
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{26B6423F-0E8A-2213-C8AD-16DD1E39D919}" = Catalyst Control Center Localization Greek
"{2A780209-2A41-4C75-932A-F6F0390D430A}" = Adobe Photoshop CS2 Functional Content
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2EC973B4-B580-573E-58C1-15A6261E5F95}" = Catalyst Control Center Localization Turkish
"{2ECE7ECE-D15B-4999-8B8D-01C998F489D5}" = Adobe Encore DVD 2.0
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{2FDF1E49-B487-01CD-458E-5F51555B2232}" = Catalyst Control Center Localization Chinese Traditional
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{3407FD83-0A2F-475E-BE94-34F1FA342C84}" = ESET NOD32 Antivirus
"{34ACF0AB-D649-47DC-A90C-6DF34C270D78}" = Intel Audio Studio 2.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3872D54E-84A0-4C04-9BDB-684D01840CA6}" = Diskeeper Lite
"{3AE76A6A-DE52-4920-9814-905CA5551C2D}" = Cisco NAC Agent
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{40D388F5-803F-616A-521D-005BC0BD9496}" = CCC Help Russian
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{429232EE-1406-FE49-2B82-DFA6234249D2}" = Catalyst Control Center Graphics Full New
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4893A35F-0A23-48EC-8E74-24969244D6F2}" = Catalyst Control Center - Branding
"{4A220461-26FD-E792-F134-54FE095E5C67}" = ccc-utility
"{4BFE3B58-DE4A-7505-B2ED-1C581889DE8B}" = CCC Help English
"{4C7A2608-9B04-72EF-5BC1-815885E8093E}" = CCC Help Dutch
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA Player 4.1
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4EAB28B6-12F8-5F07-9857-4C84815DD36F}" = CCC Help Czech
"{51F30BA1-6032-ADC9-0F1D-8DCB8F4BEE35}" = CCC Help Finnish
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas
"{57922B53-02D4-4DFC-AC24-A3519DC1F49A}" = Adobe Premiere Pro FC
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{57E0CF08-9A6E-F140-D69F-1BEBC2AD5C66}" = Catalyst Control Center Localization French
"{59975E1A-7F44-827D-A294-0C946F96E26A}" = CCC Help Greek
"{5B9AF72D-593E-6D89-7E35-C79D58A04E9B}" = CCC Help Norwegian
"{5DE1B7CF-7429-40CA-987F-6BEE09B63787}" = Prime95
"{609B6317-7014-A779-C58D-864F12BA6339}" = CCC Help Spanish
"{6404709D-1338-87EE-0E6A-05BEADD5AD9D}" = Catalyst Control Center Localization Korean
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{670A8412-8080-78BD-8DBE-E68A3FB313D3}" = CCC Help Japanese
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68B18535-773E-DF4D-5213-624AAE7068BA}" = CCC Help Chinese Traditional
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6D655EE6-0D2D-DEA2-695D-EA749918CFB6}" = Catalyst Control Center Localization Polish
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{6F05A311-B2AB-5514-4A20-1A0C98131F36}" = CCC Help Hungarian
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71FD28F7-E697-40B4-8DC9-91E8B1B9AEE9}" = Wireless G WUA-1340
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{750365ED-CB2F-317F-E8B7-2429A9AEF210}" = Catalyst Control Center Localization Italian
"{75217611-047C-3C46-69CC-9E810B0FD7A4}" = ccc-core-preinstall
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty® 2 Patch 1.3
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EC1397D-006B-9901-DED7-1937F7690388}" = CCC Help Turkish
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{84B57E13-6093-47EE-5BA1-415410E12374}" = CCC Help Polish
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{872FB0A8-1F51-51A5-A1EE-DFC1F996FCEC}" = Catalyst Control Center Localization Thai
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{899DD617-BC45-488B-08F7-EDAAB945BB87}" = Catalyst Control Center Localization Japanese
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8B6A5274-219B-912E-A87C-6F30EA87F55E}" = CCC Help French
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90ECE9AF-27D0-D9D2-4D0B-E68916E19BF8}" = Catalyst Control Center Localization Finnish
"{9158ED68-0310-0EFA-26FD-589A14F6C4D6}" = CCC Help Chinese Standard
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{962DE60D-D080-4E77-BD0C-F97A179C50B7}" = Microsoft Windows Vista Upgrade Advisor
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{998AD896-5B25-466D-8D56-CC0CC9228A68}" = Adobe Audition 2.0 Loopology Content
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A48E4951-D8E9-4FDF-82EF-46FB1C953F3E}" = Intel Audio Studio 2.0
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8E51420-13A4-6888-6F65-A82E53FA7045}" = CCC Help Italian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB061B3-99A6-4EE5-93F4-6EB1F60295C4}" = Adobe Production Studio
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B22F646A-3FCF-4DFE-AD34-DEEE173F150F}" = AdminWorks
"{B2C45229-65A0-4738-B9CB-C5A41634FBB1}" = 2d3 SteadyMove for Adobe Premiere Pro 2.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3B7836C-A1AD-4A56-811C-C18ABDE5EAAD}" = Adobe Video Suite Extras
"{B4C88CF0-B617-4658-8F84-C4E847FBC9F7}" = Microsoft Managed DirectX (1126)
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0
"{B74D4E10-0000-0000-0000-EDED00000103}" = Adobe ExtendScript Toolkit 1.0
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B86C2C71-9EE8-4BB8-FC60-EEEAF205B849}" = Catalyst Control Center Localization Danish
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BCE36DA3-853A-7F6D-0041-118BFC0A3607}" = CCC Help Thai
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C035D435-3B6D-542C-3B12-9D7B35B1F02D}" = Catalyst Control Center Localization Dutch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}" = Symantec Endpoint Protection
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C51DD70F-B9DD-AD9A-9800-93A58C429CD1}" = Catalyst Control Center Graphics Full Existing
"{C6399072-505F-7C3E-6C42-8F0A678E2F17}" = Catalyst Control Center Localization Russian
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8190C22-2E61-43D7-93B5-912289647587}_is1" = DriverTest_demo 1.0
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC419DDC-E0F0-4013-B25A-6FA036516F0D}" = Need for Speed ProStreet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D159031E-628A-63C6-529A-AC5A95620ECC}" = CCC Help Swedish
"{D4292B37-6E88-A90C-B249-419417755D83}" = Catalyst Control Center Core Implementation
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{D88A2FDD-4C42-2DC8-879B-3E3B17DE7A98}" = CCC Help Korean
"{D898657E-139C-3E71-053F-4423BCBF0205}" = Catalyst Control Center Localization Hungarian
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBFE5FBD-A7D9-4F74-88A1-2B042722F2DB}" = Intel® Desktop Control Center
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{DE1FD294-CF2A-4936-92F4-B1B778371627}" = Intel® Desktop Utilities
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam™
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E6C48B74-26ED-4EF8-A04C-42AFDE5E1CA3}" = Intel® PRO Network Connections
"{E7F6A8E5-43A6-2B4F-EF63-5C669ABF5D49}" = Catalyst Control Center Localization Portuguese
"{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}" = Lock On: Modern Air Combat
"{EC1963C6-8EA9-40DF-8CD7-F63E174FCAEC}" = Adobe After Effects 7.0 Functional Content
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F44900CB-5BAF-7A35-74BF-D9BE40CB1F81}" = CCC Help German
"{F51B2470-17F0-6230-5658-B9B4D9FDF750}" = ccc-core-static
"{F55B25A7-9D43-AD4F-B70B-AAB9C7FA1BA8}" = Skins
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6AA40E1-75DE-7AC4-F39D-75D6EDEE8C36}" = Catalyst Control Center Localization Spanish
"{F6F6C08A-ED6F-4968-8292-A08E9F02584F}" = Adobe Encore DVD FC
"{F989306B-9287-444F-AE73-E30C7E4AF0F5}" = Battlefield Vietnam: WW2 Mod
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FEB350BF-C090-3927-9F07-AFC93659F5FC}" = Catalyst Control Center Graphics Light
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AGEIA PhysX v2.3.3" = AGEIA PhysX v2.3.3
"AIM Search" = AIM Search
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ArmA" = ArmA Uninstall
"ATI Display Driver" = ATI Display Driver
"Battlecraft 19422.1" = Battlecraft 1942
"Blender" = Blender (remove only)
"CCleaner" = CCleaner (remove only)
"Celtx (1.0)" = Celtx (1.0)
"CleanUp!" = CleanUp!
"Color Finesse" = Color Finesse
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crysis WARHEAD®" = Crysis WARHEAD®
"Cycore FX 1.0.1 for After Effects" = Cycore FX 1.0.1 for After Effects
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EphPod" = EphPod
"Ghost Recon Advanced Warfighter Patch_is1" = GRAW Patch 1.35
"Google Updater" = Google Updater
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Keylight 1.2v2 for After Effects 7.0_is1" = Keylight 1.2v2 for After Effects 7.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDT" = Battlefield Mod Development Toolkit 2.0 Beta
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NTFS Undelete_is1" = NTFS Undelete v0.93
"OpenAL" = OpenAL
"Project Reality 0.61 Full_is1" = Project Reality Mini-Mod 0.61
"PunkBusterSvc" = PunkBuster Services
"rn_ca" = ResNet Root Certificate Wizard
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMAC 2.0" = SMAC 2.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 219" = Half-Life 2: Demo
"Steam App 21930" = Tom Clancy's H.A.W.X - Demo
"Steam App 22300" = Fallout 3
"Steam App 22330" = Oblivion: Game of the Year Edition
"Steam App 22333" = Oblivion Game of the Year DLC
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 6580" = Lost Planet: Extreme Condition Trial
"Steam App 7670" = Bioshock
"U.S. Robotics Wireless MAXg Adapter" = U.S. Robotics Wireless MAXg Adapter
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.2
"WebSite Downloader" = WebSite Downloader 1.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinWSD Toolbar" = WinWSD Toolbar
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#5
chamber
Posted 05 November 2009 - 04:05 PM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi what problems exactly are you experiencing?

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean


Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
  • 0

#6
jp575
Posted 08 November 2009 - 05:30 PM

jp575

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hello. I'm not really experiencing any huge problems, but my pc seems a bit slower. The main thing i experienced is that i was redirected to a site telling me to download some software...i just ended the firefox task and didn't download anything. I'm curious to why this happened though.

Mbam didn't find anything
Malwarebytes' Anti-Malware 1.41
Database version: 3130
Windows 5.1.2600 Service Pack 3

11/8/2009 3:28:43 PM
mbam-log-2009-11-08 (15-28-43).txt

Scan type: Quick Scan
Objects scanned: 101478
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks for the help so far.
  • 0

#7
chamber
Posted 09 November 2009 - 01:53 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • 0

#8
jp575
Posted 09 November 2009 - 03:41 PM

jp575

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
hey heres the log

ComboFix 09-11-08.03 - Jake 11/09/2009 13:31.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3069.2248 [GMT -8:00]
Running from: c:\documents and settings\Jake\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-01 02:10 . 2009-11-01 02:10 -------- d-----w- c:\documents and settings\Jake\Local Settings\Application Data\Temp
2009-10-30 21:51 . 2009-10-30 21:51 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-30 21:51 . 2009-10-30 21:51 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-30 21:51 . 2009-10-30 21:51 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-30 21:51 . 2009-10-30 21:51 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-30 21:51 . 2009-10-30 21:51 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-30 21:51 . 2009-10-30 21:51 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-23 21:47 . 2009-10-23 21:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-23 21:47 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-14 03:55 . 2009-10-29 04:21 35008 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-13 06:41 . 2009-10-13 06:41 0 ----a-w- c:\windows\system32\atiicdxx.dat
2009-10-13 06:34 . 2009-10-13 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-10-13 06:32 . 2009-10-13 06:35 -------- d-----w- c:\program files\DriverTest_demo
2009-10-13 04:28 . 2009-10-13 04:28 -------- d-----w- C:\ATI
2009-10-13 02:04 . 2009-10-13 02:04 -------- d-----w- c:\program files\ATI
2009-10-13 02:01 . 2009-10-13 02:03 -------- d-----w- c:\documents and settings\Jake\Application Data\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 08:21 . 2009-04-13 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-09 07:45 . 2009-09-14 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-08 23:24 . 2008-05-10 22:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 20:58 . 2006-07-04 04:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-29 02:45 . 2006-07-04 05:31 43344 ----a-w- c:\documents and settings\Jake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-28 18:22 . 2009-10-28 18:22 -------- d-----w- c:\program files\MSECache
2009-10-28 16:13 . 2009-09-14 05:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-28 16:13 . 2009-09-14 05:19 -------- d-----w- c:\program files\Symantec
2009-10-27 01:41 . 2009-10-27 01:41 -------- d-----w- c:\program files\WebSite Downloader for Windows
2009-10-27 01:41 . 2009-10-27 01:41 227052 ----a-w- c:\windows\WinWSD_Toolbar_Uninstaller_4562.exe
2009-10-27 01:41 . 2009-10-27 01:41 -------- d-----w- c:\program files\WinWSD Toolbar
2009-10-24 10:40 . 2009-09-05 09:19 556312 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-23 21:46 . 2007-06-16 00:47 -------- d-----w- c:\program files\Lavasoft
2009-10-23 21:46 . 2007-05-13 19:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 21:26 . 2008-06-06 06:09 -------- d-----w- c:\program files\CCleaner
2009-10-23 21:14 . 2007-03-03 20:13 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-23 19:27 . 2009-10-23 19:26 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-23 19:27 . 2009-10-23 19:26 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-23 19:27 . 2009-10-23 19:26 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-23 19:27 . 2009-10-23 19:26 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-13 06:33 . 2008-12-04 00:21 -------- d-----w- c:\program files\ATI Technologies
2009-10-10 20:07 . 2006-07-07 19:35 -------- d-----w- c:\documents and settings\Jake\Application Data\Apple Computer
2009-10-10 20:05 . 2009-10-10 20:04 -------- d-----w- c:\program files\iTunes
2009-10-10 20:05 . 2009-10-10 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-10 20:05 . 2009-10-10 20:05 -------- d-----w- c:\program files\iPod
2009-10-10 20:04 . 2007-07-20 21:29 -------- d-----w- c:\program files\Common Files\Apple
2009-10-06 02:07 . 2008-10-03 22:06 -------- d-----w- c:\documents and settings\Jake\Application Data\Move Networks
2009-10-06 00:01 . 2009-10-06 00:01 127872 ----a-w- c:\documents and settings\Jake\Application Data\Move Networks\uninstall.exe
2009-10-06 00:01 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Jake\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-10-06 00:01 . 2009-10-06 00:01 1686272 ----a-w- c:\documents and settings\Jake\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-10-01 17:29 . 2009-10-10 17:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 08:56 . 2007-07-20 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-25 05:37 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-24 21:55 . 2008-08-01 17:56 -------- d-----w- c:\program files\Celtx
2009-09-23 12:55 . 2009-10-23 21:51 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-22 23:49 . 2009-09-22 23:48 -------- d-----w- c:\program files\QuickTime
2009-09-22 00:09 . 2009-09-22 00:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-19 13:27 . 2008-06-24 14:10 299520 ----a-w- c:\windows\system32\ati2dvag(9).dll
2009-09-19 13:27 . 2008-06-24 14:10 299520 ----a-w- c:\windows\system32\ati2dvag(8).dll
2009-09-19 13:27 . 2008-06-24 14:10 299520 ----a-w- c:\windows\system32\ati2dvag(7).dll
2009-09-19 13:27 . 2008-06-24 14:10 299520 ----a-w- c:\windows\system32\ati2dvag(6).dll
2009-09-19 13:27 . 2008-06-24 14:10 299520 ----a-w- c:\windows\system32\ati2dvag(5).dll
2009-09-19 13:27 . 2008-06-24 14:10 299520 ----a-w- c:\windows\system32\ati2dvag(4).dll
2009-09-19 13:27 . 2008-06-24 14:10 299520 ----a-w- c:\windows\system32\ati2dvag(3).dll
2009-09-19 13:27 . 2008-06-24 14:10 299520 ----a-w- c:\windows\system32\ati2dvag(2).dll
2009-09-19 13:27 . 2008-06-24 14:10 299520 ----a-w- c:\windows\system32\ati2dvag(10).dll
2009-09-19 13:11 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(9).dll
2009-09-19 13:11 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(8).dll
2009-09-19 13:11 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(7).dll
2009-09-19 13:11 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(6).dll
2009-09-19 13:11 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(5).dll
2009-09-19 13:11 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(4).dll
2009-09-19 13:11 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(3).dll
2009-09-19 13:11 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(2).dll
2009-09-19 13:11 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(10).dll
2009-09-19 13:08 . 2008-06-24 13:58 602112 ----a-w- c:\windows\system32\ati2evxx(9).exe
2009-09-19 13:08 . 2008-06-24 13:58 602112 ----a-w- c:\windows\system32\ati2evxx(8).exe
2009-09-19 13:08 . 2008-06-24 13:58 602112 ----a-w- c:\windows\system32\ati2evxx(7).exe
2009-09-19 13:08 . 2008-06-24 13:58 602112 ----a-w- c:\windows\system32\ati2evxx(6).exe
2009-09-19 13:08 . 2008-06-24 13:58 602112 ----a-w- c:\windows\system32\ati2evxx(5).exe
2009-09-19 13:08 . 2008-06-24 13:58 602112 ----a-w- c:\windows\system32\ati2evxx(4).exe
2009-09-19 13:08 . 2008-06-24 13:58 602112 ----a-w- c:\windows\system32\ati2evxx(3).exe
2009-09-19 13:08 . 2008-06-24 13:58 602112 ----a-w- c:\windows\system32\ati2evxx(2).exe
2009-09-19 13:08 . 2008-06-24 13:58 602112 ----a-w- c:\windows\system32\ati2evxx(10).exe
2009-09-19 12:58 . 2008-06-24 13:48 3505184 ----a-w- c:\windows\system32\ati3duag(9).dll
2009-09-19 12:58 . 2008-06-24 13:48 3505184 ----a-w- c:\windows\system32\ati3duag(8).dll
2009-09-19 12:58 . 2008-06-24 13:48 3505184 ----a-w- c:\windows\system32\ati3duag(7).dll
2009-09-19 12:58 . 2008-06-24 13:48 3505184 ----a-w- c:\windows\system32\ati3duag(6).dll
2009-09-19 12:58 . 2008-06-24 13:48 3505184 ----a-w- c:\windows\system32\ati3duag(5).dll
2009-09-19 12:58 . 2008-06-24 13:48 3505184 ----a-w- c:\windows\system32\ati3duag(4).dll
2009-09-19 12:58 . 2008-06-24 13:48 3505184 ----a-w- c:\windows\system32\ati3duag(3).dll
2009-09-19 12:58 . 2008-06-24 13:48 3505184 ----a-w- c:\windows\system32\ati3duag(2).dll
2009-09-19 12:58 . 2008-06-24 13:48 3505184 ----a-w- c:\windows\system32\ati3duag(10).dll
2009-09-19 12:43 . 2008-06-24 13:36 2096384 ----a-w- c:\windows\system32\ativvaxx(9).dll
2009-09-19 12:43 . 2008-06-24 13:36 2096384 ----a-w- c:\windows\system32\ativvaxx(8).dll
2009-09-19 12:43 . 2008-06-24 13:36 2096384 ----a-w- c:\windows\system32\ativvaxx(7).dll
2009-09-19 12:43 . 2008-06-24 13:36 2096384 ----a-w- c:\windows\system32\ativvaxx(6).dll
2009-09-19 12:43 . 2008-06-24 13:36 2096384 ----a-w- c:\windows\system32\ativvaxx(5).dll
2009-09-19 12:43 . 2008-06-24 13:36 2096384 ----a-w- c:\windows\system32\ativvaxx(4).dll
2009-09-19 12:43 . 2008-06-24 13:36 2096384 ----a-w- c:\windows\system32\ativvaxx(3).dll
2009-09-19 12:43 . 2008-06-24 13:36 2096384 ----a-w- c:\windows\system32\ativvaxx(2).dll
2009-09-19 12:43 . 2008-06-24 13:36 2096384 ----a-w- c:\windows\system32\ativvaxx(10).dll
2009-09-19 12:21 . 2008-06-24 13:19 561152 ----a-w- c:\windows\system32\atikvmag(9).dll
2009-09-19 12:21 . 2008-06-24 13:19 561152 ----a-w- c:\windows\system32\atikvmag(8).dll
2009-09-19 12:21 . 2008-06-24 13:19 561152 ----a-w- c:\windows\system32\atikvmag(7).dll
2009-09-19 12:21 . 2008-06-24 13:19 561152 ----a-w- c:\windows\system32\atikvmag(6).dll
2009-09-19 12:21 . 2008-06-24 13:19 561152 ----a-w- c:\windows\system32\atikvmag(5).dll
2009-09-19 12:21 . 2008-06-24 13:19 561152 ----a-w- c:\windows\system32\atikvmag(4).dll
2009-09-19 12:21 . 2008-06-24 13:19 561152 ----a-w- c:\windows\system32\atikvmag(3).dll
2009-09-19 12:21 . 2008-06-24 13:19 561152 ----a-w- c:\windows\system32\atikvmag(2).dll
2009-09-19 12:21 . 2008-06-24 13:19 561152 ----a-w- c:\windows\system32\atikvmag(10).dll
2009-09-19 12:17 . 2008-06-24 13:16 401408 ----a-w- c:\windows\system32\atiok3x2(9).dll
2009-09-19 12:17 . 2008-06-24 13:16 401408 ----a-w- c:\windows\system32\atiok3x2(8).dll
2009-09-19 12:17 . 2008-06-24 13:16 401408 ----a-w- c:\windows\system32\atiok3x2(7).dll
2009-09-19 12:17 . 2008-06-24 13:16 401408 ----a-w- c:\windows\system32\atiok3x2(6).dll
2009-09-19 12:17 . 2008-06-24 13:16 401408 ----a-w- c:\windows\system32\atiok3x2(5).dll
2009-09-19 12:17 . 2008-06-24 13:16 401408 ----a-w- c:\windows\system32\atiok3x2(4).dll
2009-09-19 12:17 . 2008-06-24 13:16 401408 ----a-w- c:\windows\system32\atiok3x2(3).dll
2009-09-19 12:17 . 2008-06-24 13:16 401408 ----a-w- c:\windows\system32\atiok3x2(2).dll
.

------- Sigcheck -------

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="i:\steam\steam.exe" [2009-10-24 1217808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"U.S. Robotics Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ipTray.exe"="c:\program files\Intel\IDU\iptray.exe" [2005-04-30 1267200]
"awTray.exe"="c:\program files\Intel\IDU\awtray.exe" [2005-03-11 1910784]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 9138176]
"GameDrive"="c:\program files\FarStone\GameDrive\GDP\GDTask.exe" [2005-08-09 139264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2009-06-22 446088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-04-02 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"AGEIA PhysX SysTray"=c:\program files\AGEIA Technologies\TrayIcon.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"ANIWZCS2Service"=c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DiskeeperSystray"="c:\program files\Executive Software\Diskeeper\DkIcon.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"i:\\Farcry\\Far Cry 2\\bin\\FarCry2.exe"=
"i:\\Farcry\\Far Cry 2\\bin\\FC2Launcher.exe"=
"i:\\Farcry\\Far Cry 2\\bin\\FC2Editor.exe"=
"i:\\call of duty world at war\\CoDWaWmp.exe"=
"i:\\call of duty world at war\\CoDWaW.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"i:\\Steam\\steamapps\\common\\lost planet dx9 trial\\LostPlanetDX9.exe"=
"i:\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"i:\\ARMA\\arma.exe"=
"i:\\Steam\\steamapps\\jpiccus\\team fortress 2\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"i:\\Steam\\steamapps\\common\\tom clancy's h.a.w.x - demo\\HAWX.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Steam\\steamapps\\common\\oblivion\\OblivionLauncher.exe"=
"i:\\Steam\\steamapps\\common\\fallout 3\\FalloutLauncher.exe"=
"j:\\RockstarGames\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"j:\\RockstarGames\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"j:\\RockstarGames\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"i:\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"i:\\Steam\\steam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:IDU Service UDP Port
"2804:TCP"= 2804:TCP:IDU Service TCP Port

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/23/2009 1:51 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1179232]
R2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [6/22/2009 9:24 AM 715400]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/10/2009 4:54 PM 24652]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 gupdate1c9bc88f715e070;Google Update Service (gupdate1c9bc88f715e070);c:\program files\Google\Update\GoogleUpdate.exe [4/13/2009 2:41 PM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [4/2/2009 1:49 PM 23888]
S3 iteio;iteio;\??\c:\windows\system32\drivers\iteio.sys --> c:\windows\system32\drivers\iteio.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:51]

2008-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-13 22:40]

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 22:40]

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 22:40]

2009-10-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jake\Application Data\Mozilla\Firefox\Profiles\30f1p7u1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Jake\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 13:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1708537768-796845957-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:04,38,85,e5,27,47,d8,a2,57,93,08,75,23,f9,0b,42,47,53,56,a1,55,c6,5d,
b0,92,06,60,a2,df,43,42,11,51,d2,dc,2c,71,fd,39,bf,06,e0,f5,2f,af,a1,60,b9,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1708537768-796845957-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:c2,eb,b9,da,e3,5e,6b,01,5e,64,a0,48,91,b5,c4,42,ce,ba,12,c8,28,
f6,f6,af,99,27,30,cf,34,89,13,83,4e,4e,32,39,2d,58,5b,1b,8a,15,c5,63,b9,f1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:25,db,da,80,ae,09,a6,d1,42,a3,88,1f,fd,c3,13,16,ed,83,25,04,d8,
92,16,82,df,26,ab,93,9e,e8,b0,e9,b2,c4,bd,36,d5,d0,9f,e7,12,b7,d3,70,1c,87,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|"|w*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:25,db,da,80,ae,09,a6,d1,42,a3,88,1f,fd,c3,13,16,ed,83,25,04,d8,
92,16,82,df,26,ab,93,9e,e8,b0,e9,b2,c4,bd,36,d5,d0,9f,e7,12,b7,d3,70,1c,87,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-09 13:40
ComboFix-quarantined-files.txt 2009-11-09 21:40

Pre-Run: 7,066,787,840 bytes free
Post-Run: 7,058,571,264 bytes free

- - End Of File - - 80DD111DEFB6A053E2B2EDB79AA9B974
  • 0

#9
chamber
Posted 10 November 2009 - 01:44 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\explorer.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0

#10
jp575
Posted 14 November 2009 - 11:32 PM

jp575

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
hey heres the clipboard result

VirSCAN.org Scanned Report :
Scanned time : 2009/11/14 21:08:01 (PST)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 1033216 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 97bd6515465659ff8f3b7be375b2ea87
SHA1 : 972307a3ef93680afdd03603df20f2241047a934
Online report : http://virscan.org/r...5c00836973.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091114000235 2009-11-14 7.71 -
AhnLab V3 2009.11.14.00 2009.11.14 2009-11-14 1.38 -
AntiVir 8.2.1.65 7.1.6.235 2009-11-13 1.11 -
Antiy 2.0.18 20091113.3257899 2009-11-13 0.02 -
Arcavir 2009 200911141019 2009-11-14 0.07 -
Authentium 5.1.1 200911141621 2009-11-14 2.22 -
AVAST! 4.7.4 091114-1 2009-11-14 0.06 -
AVG 8.5.288 270.14.65/2503 2009-11-15 0.35 -
BitDefender 7.81008.4548533 7.28932 2009-11-15 3.94 -
CA (VET) 35.1.0 7120 2009-11-13 7.98 -
ClamAV 0.95.2 10024 2009-11-14 0.16 -
Comodo 3.12 2957 2009-11-14 1.10 -
CP Secure 1.3.0.5 2009.11.15 2009-11-15 0.11 -
Dr.Web 4.44.0.9170 2009.11.15 2009-11-15 7.08 -
F-Prot 4.4.4.56 20091114 2009-11-14 2.22 -
F-Secure 7.02.73807 2009.11.14.03 2009-11-14 9.08 -
Fortinet 2.81-3.120 11.59 2009-11-14 0.28 -
GData 19.8840/19.559 20091115 2009-11-15 5.87 -
ViRobot 20091114 2009.11.14 2009-11-14 0.42 -
Ikarus T3.1.01.74 2009.11.14.74530 2009-11-14 4.10 -
JiangMin 11.0.800 2009.11.14 2009-11-14 5.19 -
Kaspersky 5.5.10 2009.11.15 2009-11-15 0.07 -
KingSoft 2009.2.5.15 2009.11.14.15 2009-11-14 0.51 -
McAfee 5.3.00 5802 2009-11-14 3.40 -
Microsoft 1.5202 2009.11.14 2009-11-14 6.24 -
Norman 6.01.09 6.01.00 2009-11-14 4.01 -
Panda 9.05.01 2009.11.14 2009-11-14 2.28 -
Trend Micro 9.000-1003 6.626.06 2009-11-14 0.03 -
Quick Heal 10.00 2009.11.13 2009-11-13 1.78 -
Rising 20.0 22.21.06.01 2009-11-15 0.96 -
Sophos 3.00.1 4.46 2009-11-15 3.10 -
Sunbelt 5505 5505 2009-11-12 1.76 -
Symantec 1.3.0.24 20091114.004 2009-11-14 0.08 -
nProtect 20091115.01 6221771 2009-11-15 4.08 -
The Hacker 6.5.0.2 v00070 2009-11-14 0.79 -
VBA32 3.12.10.11 20091114.2109 2009-11-14 2.14 -
VirusBuster 4.5.11.10 10.113.17/2016800 2009-11-15 2.65 -
  • 0

#11
chamber
Posted 17 November 2009 - 01:52 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

As it's been a few days since it was run can you re run ComboFix for me, if it asks you to update, please do so.
  • 0

#12
chamber
Posted 24 November 2009 - 03:36 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Still out there?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP