Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

windows not responding

Started by aliboy66 , Mar 24 2011 12:47 PM

Please log in to reply

#1
aliboy66

Posted 24 March 2011 - 12:47 PM

Member

Member
104 posts

Hi i have been getting some help from Macboatmaster for my windows not responding we did some things and he said i need your help? not sure what to do thanks
http://www.geekstogo...not-responding/

#2
Dakeyras

Posted 30 March 2011 - 06:11 PM

Anti-Malware Mammoth

Expert
9,773 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go.

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Scan with GMER:

Please download GMER Rootkit Scanner from here.

Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
Then click the Scan button & wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in reply

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Note: Do not run any programs while Gmer is running.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

Double-click on OTL.exe to start OTL.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
Gmer Log.
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

#3
Dakeyras

Posted 04 April 2011 - 05:09 AM

Anti-Malware Mammoth

Expert
9,773 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
Dakeyras

Posted 07 April 2011 - 02:59 PM

Anti-Malware Mammoth

Expert
9,773 posts

Topic re-opened at OP's request/my discretion.

#5
aliboy66

Posted 08 April 2011 - 06:12 AM

Member

Topic Starter
Member
104 posts

Hi Dakeyras i downloaded gmer and otl to my desktop but when i click on it i get a message saying windows cant not open this file i tried to deleet from my desktop and its says cannot deleet file because a progham is using it when i turn the net off i can deleet it but when i back on the net it comes back. my computer working slow it takes ages for anything to come up i have to keep pressing the refresh button i am using someoneelses computerat the momment not sure what to do thanks

#6
Dakeyras

Posted 08 April 2011 - 11:05 AM

Anti-Malware Mammoth

Expert
9,773 posts

Hi.

OK, though not really ideal lets see if you can run both scans in Safe Mode...

How to boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode, do so.

If any problems refer to this tutorial.

#7
aliboy66

Posted 09 April 2011 - 10:41 AM

Member

Topic Starter
Member
104 posts

Hi Dakeyras done the Gmer scan finaly for some rason down loading is not happen for me can't download Dakeyrasd OTL and can't send you the Gmer log its to long don't know what I've done wrong? thanks

Edited by aliboy66, 09 April 2011 - 11:01 AM.

#8
Dakeyras

Posted 09 April 2011 - 12:39 PM

Anti-Malware Mammoth

Expert
9,773 posts

Hi.

OK please attach the GMER log as a Zip File and attach it in your next reply...

Right click on the Gmer logfile and select Send To > >> Compressed (zipped) Folder

How to attach it in this topic, instructions can be read here. <-- Click on Posting to expand.

Next:

OK please download OTL to a USB type drive and transfer it to your machine, before doing so however on the computer you are currently using as a precaution carry out the following...

Flash Disinfector:

Please download Flash_Disinfector and save it to your desktop.
Double click to run it.
You will be prompted to plug in your flash(USB) drive. Plug it in.
Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

#9
aliboy66

Posted 09 April 2011 - 05:20 PM

Member

Topic Starter
Member
104 posts

Hi one file i will try the others latter thank Dakeyras
i use firefox

Attached Files

Gmer3.zip 36.59KB 88 downloads

Edited by aliboy66, 09 April 2011 - 05:24 PM.

#10
Dakeyras

Posted 10 April 2011 - 01:12 AM

Anti-Malware Mammoth

Expert
9,773 posts

OK.

#11
aliboy66

Posted 10 April 2011 - 03:33 AM

Member

Topic Starter
Member
104 posts

Hi Dakeyras i finaly manged to download OTL to my computer so i did not use flash disinfector.

OTL logfile created on: 4/10/2011 9:38:44 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Niyazi Mustafa\Desktop\ShortcuttoOTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 209.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.26 Gb Total Space | 18.31 Gb Free Space | 25.70% Space Free | Partition Type: NTFS

Computer Name: FOOTBALL | User Name: Niyazi Mustafa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Niyazi Mustafa\Desktop\ShortcuttoOTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AOL Desktop 9.6 Beta\shellmon.exe (AOL Inc.)
PRC - C:\Program Files\AOL Desktop 9.6 Beta\waol.exe (AOL Inc.)
PRC - C:\Program Files\Common Files\AOL\1154385393\ee\aolupdates.exe (AOL Inc.)
PRC - C:\Program Files\Common Files\AOL\1154385393\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files\Common Files\AOL\Loader\aolload.exe (AOL Inc.)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\WINDOWS\system32\UAService7.exe ()
PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Niyazi Mustafa\Desktop\ShortcuttoOTL\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\ThreatFire\TFWAH.dll (PC Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\system32\UAService7.exe ()

========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TfSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\WINDOWS\system32\drivers\sea1unic.sys (MCCI)
DRV - (sea1obex) -- C:\WINDOWS\system32\drivers\sea1obex.sys (MCCI)
DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\WINDOWS\system32\drivers\sea1nd5.sys (MCCI)
DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\sea1mgmt.sys (MCCI)
DRV - (sea1mdm) -- C:\WINDOWS\system32\drivers\sea1mdm.sys (MCCI)
DRV - (sea1mdfl) -- C:\WINDOWS\system32\drivers\sea1mdfl.sys (MCCI)
DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\WINDOWS\system32\drivers\sea1bus.sys (MCCI)
DRV - (se59obex) -- C:\WINDOWS\system32\drivers\se59obex.sys (MCCI)
DRV - (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\se59mgmt.sys (MCCI)
DRV - (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS) -- C:\WINDOWS\system32\drivers\se59nd5.sys (MCCI)
DRV - (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM) -- C:\WINDOWS\system32\drivers\se59unic.sys (MCCI)
DRV - (se59mdm) -- C:\WINDOWS\system32\drivers\se59mdm.sys (MCCI)
DRV - (se59mdfl) -- C:\WINDOWS\system32\drivers\se59mdfl.sys (MCCI)
DRV - (se59bus) Sony Ericsson Device 089 driver (WDM) -- C:\WINDOWS\system32\drivers\se59bus.sys (MCCI)
DRV - (se26unic) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM) -- C:\WINDOWS\system32\drivers\se26unic.sys (MCCI)
DRV - (se26nd5) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS) -- C:\WINDOWS\system32\drivers\se26nd5.sys (MCCI)
DRV - (SE26obex) -- C:\WINDOWS\system32\drivers\SE26obex.sys (MCCI)
DRV - (SE26mgmt) Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE26mgmt.sys (MCCI)
DRV - (SE26mdm) -- C:\WINDOWS\system32\drivers\SE26mdm.sys (MCCI)
DRV - (SE26mdfl) -- C:\WINDOWS\system32\drivers\SE26mdfl.sys (MCCI)
DRV - (SE26bus) Sony Ericsson Device 038 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE26bus.sys (MCCI)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
IE - HKCU\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search powered by Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...romesbox-en-uk"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-us.www.moz...m/my_games.php"
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {D2A6A719-7CBC-4594-85FD-C36AD881424F}:4.5.24
FF - prefs.js..extensions.enabledItems: {9A752782-D706-479b-98F8-3F66BF921692}:8.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:4.3.5
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.06
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:20110101

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/03/03 07:46:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 16:06:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 22:26:51 | 000,000,000 | ---D | M]

[2009/12/07 20:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Extensions
[2010/07/23 19:37:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\chelsea\extensions
[2010/07/23 19:37:07 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\chelsea\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/09 23:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions
[2011/02/21 15:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/02/21 15:27:36 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2)
[2011/01/02 17:11:37 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/04/27 22:02:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/01/29 22:19:24 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(2)
[2008/01/29 22:12:45 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(3)
[2011/03/23 18:31:57 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/03/24 22:03:22 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010/12/11 00:16:06 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/02/21 15:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/02/21 15:27:39 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}(2)
[2009/09/27 08:41:38 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011/03/23 22:27:34 | 000,000,000 | ---D | M] (Hyperwords) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2011/03/10 19:53:12 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2011/02/21 15:27:37 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}(2)
[2011/03/23 22:27:35 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/10/26 22:19:16 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2008/01/29 22:12:06 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}(2)
[2011/01/24 21:52:52 | 000,000,000 | ---D | M] ("Glue") -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{D2A6A719-7CBC-4594-85FD-C36AD881424F}
[2008/01/29 22:19:26 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}(2)
[2008/01/29 22:19:55 | 000,000,000 | ---D | M] (Yoono) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}(2)
[2008/01/29 22:12:48 | 000,000,000 | ---D | M] (Yoono) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}(3)
[2008/01/29 22:19:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2)
[2010/12/11 00:15:50 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\[email protected]
[2011/02/21 15:27:36 | 000,000,000 | ---D | M] (SimilarWeb) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\FirefoxAddon@similarWeb(2).com
[2011/03/02 17:01:49 | 000,000,000 | ---D | M] (SimilarWeb) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\[email protected]
[2011/03/23 18:32:43 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\[email protected]
[2010/07/08 17:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\staged
[2011/02/21 15:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\extensions\[email protected]
[2010/07/23 19:37:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\ryccsuz7.jimbob\extensions
[2009/12/09 18:15:25 | 000,000,000 | ---D | M] (AOL Broadband Toolbar) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\ryccsuz7.jimbob\extensions\{796503e4-19fe-48a3-82da-5c1fe0a13e3f}
[2009/12/08 20:19:36 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\ryccsuz7.jimbob\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/07/23 19:37:07 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\ryccsuz7.jimbob\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/07/23 19:37:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\sbnjxzaf.niya\extensions
[2009/12/09 18:15:25 | 000,000,000 | ---D | M] (AOL Broadband Toolbar) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\sbnjxzaf.niya\extensions\{796503e4-19fe-48a3-82da-5c1fe0a13e3f}
[2009/03/25 23:29:28 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\sbnjxzaf.niya\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/07/23 19:37:07 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\sbnjxzaf.niya\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/03 15:04:09 | 000,001,243 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\a9.xml
[2009/12/09 18:30:01 | 000,004,602 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\aol-search-powered-by-google.xml
[2009/09/17 16:21:53 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\aol-search.xml
[2009/05/03 11:35:06 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\ask.xml
[2008/06/19 23:31:52 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\askcom.xml
[2008/05/28 20:22:03 | 000,001,340 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\bbc-news.xml
[2008/01/28 14:40:57 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\businesscom.xml
[2009/12/08 23:07:56 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\conduit.xml
[2008/03/16 09:38:32 | 000,005,310 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\footiefox.xml
[2009/07/31 21:56:29 | 000,004,440 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\hyperwords.xml
[2008/05/28 20:22:03 | 000,001,944 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\live-search.xml
[2008/01/28 14:22:36 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\mozilla-add-ons.xml
[2009/10/24 11:18:08 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\searchalot.xml
[2011/04/03 15:04:12 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\weathercom.xml
[2008/06/17 21:35:53 | 000,008,169 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\yahoo-answers.xml
[2011/04/03 15:04:12 | 000,002,214 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\yahooligans.xml
[2011/04/09 23:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 17:15:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/05 20:26:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 22:29:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/20 20:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/06 22:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008/01/29 22:19:35 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2011/03/03 07:46:27 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2010/04/17 17:13:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/11 17:32:07 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/07/03 10:36:05 | 000,411,348 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14217 more lines...
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Broadband Toolbar Loader) - {776a9d06-e178-4aa0-aee4-b4de3a64ad28} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {e6ed7f95-e571-4f81-8757-5eb11252703d} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154385393\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [DriverScanner] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{38c600cb-864e-11dc-87f5-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{38c600cb-864e-11dc-87f5-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{38c600cb-864e-11dc-87f5-00038a000015}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{f299d9bc-cf26-11db-8509-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{f299d9bc-cf26-11db-8509-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f299d9bc-cf26-11db-8509-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/10 09:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Niyazi Mustafa\Desktop\ShortcuttoOTL
[2011/04/04 19:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\emine songs
[2011/03/24 21:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Niyazi Mustafa\Start Menu\Programs\Sports Interactive
[2011/03/22 22:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/03/22 22:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/03/14 19:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/14 19:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/14 19:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/14 18:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/13 21:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011/03/12 17:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Niyazi Mustafa\Local Settings\Application Data\Secunia PSI
[2011/03/12 17:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/03/12 00:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/03/12 00:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/03/12 00:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Niyazi Mustafa\Local Settings\Application Data\Temp
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/10 09:23:53 | 000,575,093 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\ShortcuttoOTL.zip
[2011/04/10 09:05:24 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/10 09:00:28 | 000,069,651 | ---- | M] () -- C:\VETlog.dmp
[2011/04/10 08:45:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/10 08:31:21 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/10 07:45:40 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8E457B31-89F7-46EA-8045-27282FC623F3}.job
[2011/04/10 06:43:21 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{983C0452-57C7-446D-983D-146CF893744D}.job
[2011/04/10 06:23:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/10 00:33:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/04/09 23:09:38 | 000,037,470 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\Gmer3.zip
[2011/04/09 18:00:18 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/04/09 12:51:19 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\62dybhef.exe
[2011/04/08 20:00:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (CHELSEA-Ayse Mustafa).job
[2011/04/08 18:30:03 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (CHELSEA-Niyazi Mustafa).job
[2011/03/27 19:25:45 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\dds.scr
[2011/03/27 19:12:49 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\dds.com
[2011/03/27 07:05:38 | 000,443,420 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/27 07:05:38 | 000,072,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/24 21:21:39 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2008.lnk
[2011/03/24 19:22:32 | 000,033,817 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\aliboy66.htm
[2011/03/23 18:19:08 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/03/22 22:19:20 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\Auslogics Disk Defrag.lnk
[2011/03/22 20:24:33 | 000,012,862 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\wklnhst.dat
[2011/03/22 00:18:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/14 19:09:51 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/12 11:16:18 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/03/11 16:55:06 | 000,923,526 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\My Documents\Firefox 3.6.15 (en-US) - 2011-03-11.pcv
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/10 09:04:17 | 000,575,093 | ---- | C] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\ShortcuttoOTL.zip
[2011/04/09 23:09:38 | 000,037,470 | ---- | C] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\Gmer3.zip
[2011/04/09 12:48:26 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\62dybhef.exe
[2011/03/27 19:24:57 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\dds.scr
[2011/03/27 19:11:52 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\dds.com
[2011/03/24 21:21:38 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2008.lnk
[2011/03/24 19:22:18 | 000,033,817 | ---- | C] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\aliboy66.htm
[2011/03/22 22:19:20 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\Niyazi Mustafa\Desktop\Auslogics Disk Defrag.lnk
[2011/03/14 19:09:51 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/12 00:13:29 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/03/12 00:00:40 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/12 00:00:38 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/11 16:55:05 | 000,923,526 | ---- | C] () -- C:\Documents and Settings\Niyazi Mustafa\My Documents\Firefox 3.6.15 (en-US) - 2011-03-11.pcv
[2011/03/03 07:46:26 | 000,190,016 | ---- | C] () -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/17 12:02:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/26 18:09:53 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/10/13 05:47:18 | 000,243,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/17 17:36:46 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/05 12:43:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/02/05 12:41:26 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/12/31 16:34:32 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/12/31 16:34:32 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/12/31 16:34:32 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/12/31 16:34:32 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/12/31 16:34:32 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/12/31 16:34:32 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/12/31 16:34:32 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/12/31 16:34:32 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/12/31 16:34:32 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/12/31 16:34:32 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/12/31 16:34:32 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/12/31 16:34:32 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/12/31 16:34:32 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/12/31 16:34:32 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/12/31 16:34:32 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/12/31 16:34:32 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/12/31 16:34:32 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/12/31 16:34:32 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/12/31 16:34:32 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/31 16:31:37 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED92Euro.ini
[2007/11/15 10:23:46 | 000,000,560 | ---- | C] () -- C:\Program Files\Global.sw
[2007/05/30 11:24:07 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/05/09 20:35:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/10/22 15:56:11 | 000,000,117 | RH-- | C] () -- C:\WINDOWS\dbdopq.INI
[2006/10/22 09:21:13 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Niyazi Mustafa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/06 18:33:52 | 000,002,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/12 23:24:09 | 000,046,345 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/24 14:33:19 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/01 00:10:02 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/07/31 23:44:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/30 18:49:19 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/04/04 06:54:16 | 000,000,149 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006/03/28 12:00:19 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
[2006/03/25 21:14:40 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/03/19 19:19:43 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/19 19:19:43 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\F63AE96CED.sys
[2006/03/19 19:17:09 | 000,000,499 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/03/19 15:55:13 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\dvd.bmk
[2006/03/19 12:14:05 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Niyazi Mustafa\Local Settings\Application Data\fusioncache.dat
[2006/03/18 15:29:47 | 000,012,862 | ---- | C] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\wklnhst.dat
[2006/03/13 20:45:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/13 20:43:17 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/13 20:39:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/13 20:36:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/13 20:09:38 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
[2006/03/13 20:08:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/03/13 20:05:39 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 02:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,443,420 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,072,510 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/27 16:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

OTL Extras logfile created on: 4/10/2011 9:38:44 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Niyazi Mustafa\Desktop\ShortcuttoOTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 209.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.26 Gb Total Space | 18.31 Gb Free Space | 25.70% Space Free | Partition Type: NTFS

Computer Name: FOOTBALL | User Name: Niyazi Mustafa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.0 VR\waol.exe" = C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\1154385393\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1154385393\ee\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\Common Files\AOL\1154385393\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1154385393\ee\aolsoftware.exe:*:Enabled:AOL Services -- (AOL Inc.)
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.0 VRa\waol.exe" = C:\Program Files\AOL 9.0 VRa\waol.exe:*:Enabled:AOL
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\AOL 9.1 Beta\waol.exe" = C:\Program Files\AOL 9.1 Beta\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\AOL 9.1a\waol.exe" = C:\Program Files\AOL 9.1a\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\1154385393\ee\AOLDesktop.exe" = C:\Program Files\Common Files\AOL\1154385393\ee\AOLDesktop.exe:*:Enabled:AOL Desktop -- (AOL LLC)
"C:\Program Files\AOL Desktop v9.6\waol.exe" = C:\Program Files\AOL Desktop v9.6\waol.exe:*:Enabled:AOL Desktop v9.6 -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.6 Beta\waol.exe" = C:\Program Files\AOL Desktop 9.6 Beta\waol.exe:*:Enabled:AOL Desktop 9.6 Beta -- (AOL Inc.)
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008 -- (Sports Interactive)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055A0044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Photo Premium 10
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71F64484-24AF-4D88-9311-C17CA9D50E1D}" = Special SpareBackup Offer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}" = BabasChess
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = CinepPlayer 30 Update
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}" = Windows Live Favorites for Windows Live Toolbar
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"4oD" = 4oD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Broadband Toolbar" = AOL Broadband Toolbar
"AOL Pictures" = AOL Pictures Tools (version 10.6.0.8)
"AOL Regclient" = AOL Registration
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach uk" = AOL Coach Version 1.0(Build:20040229.1 uk)
"avast" = avast! Free Antivirus
"BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"DellSupport" = Dell Support 5.0.0 (630)
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"ERUNT_is1" = ERUNT 1.1j
"Everything" = Everything 1.2.1.371
"Football Manager 2008" = Football Manager 2008
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"PictureItPrem_v10" = Microsoft Photo Premium 10
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works2005Setup" = Microsoft Works 2005 Setup Launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2011 4:14:04 AM | Computer Name = FOOTBALL | Source = Application Error | ID = 1000
Description = Faulting application aolbrowser.exe, version 0.1.41.1, faulting module
aolbrowser.exe, version 0.1.41.1, fault address 0x0003be70.

Error - 4/4/2011 2:05:21 PM | Computer Name = FOOTBALL | Source = Microsoft Office 10 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Word.

Error - 4/4/2011 2:58:39 PM | Computer Name = FOOTBALL | Source = Application Error | ID = 1000
Description = Faulting application foxit reader.exe, version 3.2.1.401, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.

Error - 4/5/2011 1:19:22 AM | Computer Name = FOOTBALL | Source = Application Error | ID = 1000
Description = Faulting application foxit reader.exe, version 3.2.1.401, faulting
module foxit reader.exe, version 3.2.1.401, fault address 0x00060a1e.

Error - 4/7/2011 4:10:28 PM | Computer Name = FOOTBALL | Source = Application Error | ID = 1000
Description = Faulting application KService.exe, version 5.11.704.230, faulting
module KService.exe, version 5.11.704.230, fault address 0x00211e5a.

Error - 4/8/2011 3:18:09 PM | Computer Name = FOOTBALL | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 8.0.0.44497, faulting module
fm.exe, version 8.0.0.44497, fault address 0x0086903a.

Error - 4/8/2011 3:20:13 PM | Computer Name = FOOTBALL | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 8.0.0.44497, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 4/8/2011 3:21:31 PM | Computer Name = FOOTBALL | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 8.0.0.44497, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 4/9/2011 1:58:38 PM | Computer Name = FOOTBALL | Source = Application Error | ID = 1000
Description = Faulting application 62dybhef.exe, version 1.0.15.15570, faulting
module 62dybhef.exe, version 1.0.15.15570, fault address 0x0006a86c.

Error - 4/9/2011 2:57:19 PM | Computer Name = FOOTBALL | Source = Application Error | ID = 1000
Description = Faulting application 62dybhef.exe, version 1.0.15.15570, faulting
module 62dybhef.exe, version 1.0.15.15570, fault address 0x0000ccad.

[ System Events ]
Error - 4/8/2011 6:20:07 PM | Computer Name = FOOTBALL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/9/2011 1:23:52 AM | Computer Name = FOOTBALL | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 4/9/2011 1:32:11 AM | Computer Name = FOOTBALL | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 4/9/2011 1:54:53 PM | Computer Name = FOOTBALL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 4/9/2011 1:55:12 PM | Computer Name = FOOTBALL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 4/9/2011 1:55:41 PM | Computer Name = FOOTBALL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 4/9/2011 2:42:24 PM | Computer Name = FOOTBALL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 4/9/2011 3:03:05 PM | Computer Name = FOOTBALL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 4/9/2011 3:03:19 PM | Computer Name = FOOTBALL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 4/10/2011 1:25:05 AM | Computer Name = FOOTBALL | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

< End of report >

< End of report >

#12
Dakeyras

Posted 10 April 2011 - 09:35 AM

Anti-Malware Mammoth

Expert
9,773 posts

Hi.

Hi Dakeyras i finaly manged to download OTL to my computer so i did not use flash disinfector.

OK.

Random Access Memory Advice:

502.00 Mb Total Physical Memory | 209.00 Mb Available Physical Memory | 42.00% Memory free

Though Microsoft claims XP will run with a mere 128 MB installed in my opinion a minimum of 1 GB is far better.

If you wish to upgrade the installed memory, Crucial have a small scanner(CrucialScan.exe)which is perfectly safe to download and run. Which will advise if your system can support any upgraded memory modules. They cater for the US/UK and Europe.

Next:

Please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

SUPERAntiSpyware Free Edition <-- Will hinder the malware removal process.
ThreatFire <-- Causing a system conflict with avast! Free Antivirus

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Click on Start >> Run...(or the Windows key and R togethor) to bring up the Run box and and copy and paste in:

"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\otl-backup

and click on OK.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK

firewall.cpl

Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select On(recommended) >> OK.

Custom OTL Script:

Double-click OTL.exe to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
SRV - (AppMgmt) -- File not found
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
[2009/12/08 23:07:56 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\conduit.xml
[2009/10/24 11:18:08 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\Niyazi Mustafa\Application Data\Mozilla\Firefox\Profiles\girb7qyo.default\searchplugins\searchalot.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVD2.dll (Conduit Ltd.)
O4 - HKCU..\Run: [DriverScanner] File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011/04/10 00:33:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
2011/03/22 00:18:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2006/03/19 19:19:43 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\F63AE96CED.sys
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

:Files 
ipconfig /flushdns /c 
%systemroot%\prefetch\*.* 
C:\Program Files\SUPERAntiSpyware
C:\Program Files\ThreatFire

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Launch the application, Check for Updates >> Perform quick scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.
Malwarebytes Anti-Malware Log.

#13
aliboy66

Posted 10 April 2011 - 03:30 PM

Member

Topic Starter
Member
104 posts

Hi can i delete Threatfire its got Trojan in quarantined is it safe to delete?

#14
Dakeyras

Posted 10 April 2011 - 03:51 PM

Anti-Malware Mammoth

Expert
9,773 posts

Aye it is safe to uninstall and part of the OTL custom script will target the program files folder belonging to ThreatFire if it is left behind after uninstallation.. So defacto what ever is in quarantine will be removed also and not be a issue/cause for concern.

#15
aliboy66

Posted 12 April 2011 - 03:10 AM

Member

Topic Starter
Member
104 posts

Hi Dakeyras done most could not check my memory could not update Malwarebytes Anti-Malware: mine was 13 days old or something? my computer is still the same web pages still take forever to load as for downloads its like somethings blocking it i don't understand somethings update no problem and some don't i not on my computer at the moment i will send you the Malwarebytes Anti-Malware: log later but it looks clear nothing found,could it be my computer is old i have had for 7-8 yaers