-
Infected/Slow PC
When I click on any icon on my PC or a link on a webpage, I get a persistent window.
In the upper left-hand corner (title bar) it will give "executable name".exe - Bad image. In the gray box, it shows "The application or DLL c:\windows\system32\doyisege.dll is not a valid window image. Please check this against your installation diskette."
Among the other problems I have, Microsoft Security Essentials won't upgrade. Error code: 0x80070050 is displayed.
I found this site from the Hijackthis web page. I hope you can help.
The log is below. I hope you can help. Thanks
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:13 AM, on 9/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Administrator\Local Settings\Apps\F.lux\flux.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\POWERISO\PWRISOVM.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\SLYSOFT\ANYDVD\ANYDVD.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRAM FILES\YAHOO!\MESSENGER\ymsgr_tray.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\notepad.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Administrator\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\doyisege.dll refobaju.dll c:\windows\system32\fofarohi.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: mujuzedij - {de416087-ce24-4659-a17c-363d0d6d50f4} - (no file)
O22 - SharedTaskScheduler: gahurihor - {84d5b3a9-1826-44a1-b352-c57bd47fbfb4} - c:\windows\system32\fofarohi.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\RpcSandraSrv.exe
--
End of file - 12003 bytes
-
HJT is not what it once was, so follow the instructions at
http://discussions.virtualdr.com/sho...d.php?t=167915
And POST the logs in this thread.
-
Here is the log for step one.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/4/2010 1:55:06 AM
mbam-log-2010-09-04 (01-55-06).txt
Scan type: Quick scan
Objects scanned: 120284
Time elapsed: 29 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\DOYISEGE.DLL (Trojan.Vundo.H) -> No action taken.
I removed selected as directed in the link provided. I am currently running the GMER for step 2.
-
Your log shows that you did not remove selected items. You must have posted the wrong log if you did remove the items.
Please update MalwareBytes (as requested in the link) and then re-run and remove what is found.
Post the log showing that the items were, in fact, removed.
============
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
Thanks Crunchie.
I am still running GMER.
Can you confirm the order of the programs I should run after GMER? Should I run DDS as suggested in the link?
Thanks in advance!
-
Yes please. The order would preferably be MalwareBytes first (after updating it) and then either GMER or DDS as the latter are only scanning.
-
mbam logs
Here is the log that shows I removed the items yesterday mentioned in the thread earlier.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/4/2010 1:57:00 AM
mbam-log-2010-09-04 (01-57-00).txt
Scan type: Quick scan
Objects scanned: 120284
Time elapsed: 29 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\DOYISEGE.DLL (Trojan.Vundo.H) -> Quarantined and deleted successfully.
After updating mbam, I ran it again. Here are the results:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4544
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/4/2010 1:43:38 PM
mbam-log-2010-09-04 (13-43-38).txt
Scan type: Quick scan
Objects scanned: 136946
Time elapsed: 55 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\utt157.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.
About GMER, when I woke up this AM, I realized that the computer had rebooted overnight. I'll have to rerun it after this reboot. Thanks in advance
-
Before I left for work, I launched GMER, but the PC rebooted while it was running. I ran it one more time and left for work. When I came home, I found a Windows error message that there was a serious issue and it rebooted. I don't recall the exact wording. Anyway, I am going to run GMER in safe mode and report back.
-
GMER
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-05 02:20:01
Windows 5.1.2600 Service Pack 3
Running: b9d2lrlg.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdqpow.sys
---- System - GMER 1.0.15 ----
SSDT sptd.sys ZwCreateKey [0xF74ED0D0]
SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF74F3340]
SSDT sptd.sys ZwOpenKey [0xF74ED0B0]
SSDT sptd.sys ZwQueryKey [0xF74F3418]
SSDT sptd.sys ZwQueryValueKey [0xF74F3298]
SSDT sptd.sys ZwSetValueKey [0xF74F34AA]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload BA6D28AC 5 Bytes JMP 8A76B770
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F750406C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7504018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75269AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F750406C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74EDAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74EDC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74EDB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74EE748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74EE61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F750329A] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A8BC1E8
Device \FileSystem\Fastfat \FatCdrom 8A2913D0
Device \Driver\usbuhci \Device\USBPDO-0 8A76D790
Device \Driver\NetBT \Device\NetBT_Tcpip_{E41E7656-48C5-4D85-8E80-515A07908B63} 8A3B71E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8BE1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A8BE1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A8BE1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A8BE1E8
Device \Driver\usbuhci \Device\USBPDO-1 8A76D790
Device \Driver\usbuhci \Device\USBPDO-2 8A76D790
Device \Driver\usbehci \Device\USBPDO-3 8A76C790
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8531E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8531E8
Device \Driver\Cdrom \Device\CdRom0 8A739590
Device \Driver\Cdrom \Device\CdRom1 8A739590
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 8A739590
Device \Driver\usbstor \Device\00000080 8A3B61E8
Device \Driver\usbstor \Device\00000081 8A3B61E8
Device \Driver\usbstor \Device\00000082 8A3B61E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A3B71E8
Device \Driver\usbstor \Device\00000083 8A3B61E8
Device \Driver\NetBT \Device\NetbiosSmb 8A3B71E8
Device \Driver\usbstor \Device\00000088 8A3B61E8
Device \Driver\usbuhci \Device\USBFDO-0 8A76D790
Device \Driver\usbuhci \Device\USBFDO-1 8A76D790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A3AB1E8
Device \Driver\usbuhci \Device\USBFDO-2 8A76D790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A3AB1E8
Device \Driver\usbehci \Device\USBFDO-3 8A76C790
Device \Driver\usbstor \Device\0000007d 8A3B61E8
Device \Driver\Ftdisk \Device\FtControl 8A8531E8
Device \Driver\usbstor \Device\0000008a 8A3B61E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port2Path0Target1Lun0 8A8BD1E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port2Path0Target0Lun0 8A8BD1E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 8A8BD1E8
Device \FileSystem\Fastfat \Fat 8A2913D0
Device \FileSystem\Cdfs \Cdfs 8A309790
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
---- EOF - GMER 1.0.15 ----
-
When I double click on dds on my desktop, an "Open File - Security Warning" window opens and shows its Type as a DWG TrueView Script. It opens in notepad. How should this open? Do I need to uninstall the DWG TrueView program?
Since your earlier message said GMER or DDS, I am just gonna move on to OTL, but I would like to know how to get that DDS to work properly.
-
Ok. When I ran OTL, I had some Exception error windows that popped up. I was going to cancel and restart OTL, but I kept running.
Here is the OTL log in several parts.
-
OTL logfile created on: 9/5/2010 2:43:11 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 14.43 Gb Free Space | 19.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298.09 Gb Total Space | 33.25 Gb Free Space | 11.15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WAYNE
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/09/04 03:52:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
PRC - [2010/09/01 07:23:10 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/06/14 21:38:32 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/02/18 12:13:58 | 000,059,904 | ---- | M] (SeriousBit) -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/09/30 17:45:00 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 17:43:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 16:46:44 | 000,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008/04/11 15:13:52 | 001,085,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/01/31 18:27:04 | 000,118,784 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/10/11 20:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/04/09 07:23:11 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/04/03 13:54:38 | 000,271,936 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2004/06/15 23:17:38 | 000,069,705 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
PRC - [2004/01/09 05:54:06 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/10/23 11:15:08 | 000,086,016 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
========== Modules (SafeList) ==========
MOD - [2010/09/04 03:52:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/04/03 13:54:50 | 000,063,032 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (x10nets)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\TEMP\001725~1.EXE -- (0017251259724200mcinstcleanup) McAfee Application Installer Cleanup (0017251259724200)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/15 11:28:20 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/01/08 10:11:25 | 000,366,704 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- c:\program files\a-squared free\a2service.exe -- (a2free)
SRV - [2007/02/02 01:06:46 | 000,118,784 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007/02/02 00:53:18 | 001,323,184 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2002/09/27 12:56:20 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hitmanpro3.sys -- (hitmanpro3)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/09/01 07:23:16 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/07 20:12:07 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/07 20:12:07 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/09 11:49:42 | 000,022,528 | ---- | M] (SeriousBit) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nbdrv.sys -- (Nbdrv)
DRV - [2009/08/03 13:33:46 | 000,040,960 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel)
DRV - [2008/03/27 21:01:40 | 000,009,744 | ---- | M] (EMS Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TLKerII.SYS -- (TrioLinkerII)
DRV - [2008/03/19 11:53:38 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/08 09:20:35 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MS1000.sys -- (MS1000)
DRV - [2007/08/07 14:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/08/01 23:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/07/14 21:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pstrip.sys -- (PStrip)
DRV - [2007/06/15 22:05:42 | 000,002,554 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\kwflower.log -- (kwflower)
DRV - [2007/06/07 16:48:57 | 000,097,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/05/25 14:55:04 | 000,065,024 | ---- | M] (Kerio Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kvpndrv.sys -- (kvpndev)
DRV - [2007/04/09 07:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/03/20 11:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2007/02/15 19:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007/01/23 16:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 16:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/01/23 16:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/12/12 12:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/09/03 10:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/01 23:20:56 | 000,023,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ProtoWall.sys -- (ProtoWall)
DRV - [2005/08/15 12:08:26 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2005/08/15 12:08:26 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/10/15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/07/10 20:37:02 | 000,747,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004/03/23 21:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2004/01/10 02:17:02 | 000,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/01/07 17:04:00 | 000,339,488 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB20XP.sys -- (PRISM_A02)
DRV - [2003/12/15 12:28:46 | 000,257,872 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II)
DRV - [2003/12/12 02:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002/10/16 01:11:22 | 000,019,968 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
-
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {45d8ff86-d909-11db-9705-005056c00008}:1.0.2
FF - prefs.js..extensions.enabledItems: feedly@devhd:3.x
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.721
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100823
FF - prefs.js..extensions.enabledItems: [email protected]d:1.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/27 14:09:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/09/03 09:02:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/03 13:23:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 21:42:54 | 000,000,000 | ---D | M]
[2008/12/05 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/09/04 23:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions
[2010/09/02 11:50:49 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/16 13:56:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/14 09:37:59 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2010/02/17 17:35:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/02 11:50:44 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/18 10:08:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/02 11:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/04/14 09:50:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/14 09:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/01/28 15:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/09/02 11:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\feedly@devhd
[2010/09/02 11:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/04/18 13:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/03/28 07:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/06/14 09:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/09/02 11:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\feedly@devhd\content\app\extension
[2010/01/25 05:32:47 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\amazondotcom.xml
[2007/10/17 12:47:35 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\bitmetvorg.xml
[2009/06/12 09:23:15 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\ebay.xml
[2007/05/01 01:01:34 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\siteadvisor.gif
[2007/05/01 01:01:34 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\siteadvisor.src
[2007/05/01 01:00:26 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\siteadvisor.xml
[2009/04/07 16:06:10 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\youtube-video-search.xml
[2010/09/04 12:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/13 16:05:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/27 20:27:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/28 21:44:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2007/03/22 10:45:00 | 000,385,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
O1 HOSTS File: ([2009/12/07 10:28:20 | 000,000,047 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fbook****s.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\atidtct.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PowerStrip] c:\Program Files\PowerStrip\PStrip.exe (EnTech Taiwan)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\Administrator\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe (SeriousBit)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartmenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
-
O15 - HKCU\..Trusted Domains: hitmyass.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: holidayvillaestepona.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: homesexsearch.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: horsesearch.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: hotwebsearch.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: hqlist.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: httpads.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: hugesearch.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: icanfindit.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: icarsinc.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: iframenetwork.biz ([]* in My Computer)
O15 - HKCU\..Trusted Domains: imageactivex.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: incfind.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: indipindenza.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: innonlocust.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: ioacon.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: ipcons.biz ([]* in My Computer)
O15 - HKCU\..Trusted Domains: isacasa.org ([]* in My Computer)
O15 - HKCU\..Trusted Domains: ivfdf2005.org ([]* in My Computer)
O15 - HKCU\..Trusted Domains: jackycaps.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: jengadss.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: jerkoffolders.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: jordan-katie-price.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: juliehillmusic.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: kilimedical.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: kingofmp3.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: kqzyfj.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: lacyhart.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: laopen.org ([]* in My Computer)
O15 - HKCU\..Trusted Domains: latinbanking.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: lavasoftpersonallfirewall.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: lemarkregionals.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: liferowboys.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: lindsay-lohan-nude.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: line-find.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: list2004.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: lolkiss.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: lookandvote.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: lookingfor.cc ([]* in My Computer)
O15 - HKCU\..Trusted Domains: lovemynet.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: lust-movies.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: luycos.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: mailmx02.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: mainentrypoint.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: mantacorp.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: maria-sharapova.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: maturecunts.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: maximumsearch.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: meta-shop.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: microgirls.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: millergames.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: moneybg.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: moreporn.biz ([]* in My Computer)
O15 - HKCU\..Trusted Domains: mostinterestingstuff.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: mp3cherry.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: mp3rankings.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: mp3traffic.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: mpgcodec.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: msn1.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: muul.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: muxa.cc ([]* in My Computer)
O15 - HKCU\..Trusted Domains: mx03.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: myfind4u.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: mypoiskovik.com ([]* in My Computer)
-
O15 - HKCU\..Trusted Domains: namestotreasure.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: needupdate.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: nerdhq.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: netpaloffers.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: ngadcenter.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: nhlweb.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: niceblowjob.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: nitrosex.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: nocreditcard.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: noobb.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: norsty.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: nowfind.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: ntallc.biz ([]* in My Computer)
O15 - HKCU\..Trusted Domains: nudeboysex.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: objectactivex.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: obscenevideo.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: oderzo.org ([]* in My Computer)
O15 - HKCU\..Trusted Domains: offerssearch.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: ogechiwear.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: ohfind.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: onlinenoob3.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: on-linesearch.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: onlyrandom.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: opentracker.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: other-find.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: pantyhoserating.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: parenting-directory.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: partokrat.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: peanutco.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: pee-girls.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: pictures1.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: plak.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: playminigolf.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: plumpersclub.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: plumptoplist.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: poap02.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: porcosnet.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: porn-star-news.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: power-search.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: praxisremarketing.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: prn.ru ([]* in My Computer)
O15 - HKCU\..Trusted Domains: protectgates.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: purescans.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: quickreplies.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: rape-toplist.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: realsexpass.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: relatedfind.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: ricge.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: roings.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: roundonemartialarts.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: rr03.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: running-pages.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: russoc.org ([]* in My Computer)
O15 - HKCU\..Trusted Domains: rytisstechnologies.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: sama.ru ([]* in My Computer)
O15 - HKCU\..Trusted Domains: sanspelo.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: satis****tion.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: scan-search.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: school-****.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: scin-care-drugs.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: searchable-sex.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: search-access.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: searchallhere.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: search-and-go.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: search-explorer.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: searchhtg.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: searchmadesafe.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: searchpage.cc ([]* in My Computer)
O15 - HKCU\..Trusted Domains: search-seek.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: search-top.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: searchweb.ws ([]* in My Computer)
O15 - HKCU\..Trusted Domains: seekaround.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: selltraff.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: serving-sys.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: sexybabesx.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: shockingboysites.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: singtaotor.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: smart-finder.biz ([]* in My Computer)
O15 - HKCU\..Trusted Domains: sotfo.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: sp2msupdateresearch.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: specific911.org ([]* in My Computer)
O15 - HKCU\..Trusted Domains: spicyebonysex.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: spootie.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: sputnikbook.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: stardialer.de ([]* in My Computer)
O15 - HKCU\..Trusted Domains: start-page.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: stpaulpioneers.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: stuphome.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: suchki.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: sunburstonline.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: sweeticings.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: tabi-tv.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: tadstore.cc ([]* in My Computer)
O15 - HKCU\..Trusted Domains: teeens.org ([]* in My Computer)
O15 - HKCU\..Trusted Domains: teenagepic.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: teenhqpics.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: teens4porn.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: teensfestival.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: teentitts.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: tehranzamin.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: teramedix.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: the-ad-lab.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: thedraft2004.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: thegoneoverseas.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: theplumpers.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: thethumbsite.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: toolbarmoney.biz ([]* in My Computer)
O15 - HKCU\..Trusted Domains: topadult10.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: topnetsearch.cc ([]* in My Computer)
O15 - HKCU\..Trusted Domains: transsexxxual.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: treyparker.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: troyanov.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: trytofind.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: ultralinks.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: updateyoursystem.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: usearch.biz ([]* in My Computer)
O15 - HKCU\..Trusted Domains: valuevids.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: vetpool.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: videocodecupdate.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: vioclicks.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: virtualnoob3.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: vizitus.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: vulgarmovies.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: web-4-design.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: webbrowser.tv ([]* in My Computer)
O15 - HKCU\..Trusted Domains: webforhumans.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: websearchnetwork.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: weekly-teens.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: wet-teenie.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: wildarcade.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: witenterprises.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: womensphil.org ([]* in My Computer)
O15 - HKCU\..Trusted Domains: worldgaypics.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: wwwfinder.net ([]* in My Computer)
O15 - HKCU\..Trusted Domains: xcnn.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: x-orgasm.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: xxx.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: xxxmoms.info ([]* in My Computer)
O15 - HKCU\..Trusted Domains: youcangetitdone.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: youngboyvideo.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: young-plumpers.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: yoursearchbar.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: youthpassagenet.org ([]* in My Computer)
O15 - HKCU\..Trusted Domains: yyepp.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: zambeel.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: zoodrawings.com ([]* in My Computer)
O15 - HKCU\..Trusted Domains: zoosexart.com ([]* in My Computer)
O15 - HKCU\..Trusted Ranges: Range12 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range16 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range23 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range27 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range30 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range34 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range38 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range41 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range45 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range49 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range52 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range56 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range6 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range63 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range67 ([*] in My Computer)
O15 - HKCU\..Trusted Ranges: Range70 ([*] in My Computer)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/ho...vex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\windows\system32\doyisege.dll) - C:\WINDOWS\System32\doyisege.dll File not found
O20 - AppInit_DLLs: (refobaju.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\fofarohi.dll) - C:\WINDOWS\System32\fofarohi.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O22 - SharedTaskScheduler: {84d5b3a9-1826-44a1-b352-c57bd47fbfb4} - gahurihor - C:\WINDOWS\System32\fofarohi.dll File not found
O22 - SharedTaskScheduler: {de416087-ce24-4659-a17c-363d0d6d50f4} - mujuzedij - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/26 00:59:34 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/10/06 14:31:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{89b2a319-5535-11db-91e3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{89b2a319-5535-11db-91e3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89b2a319-5535-11db-91e3-806d6172696f}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)
========== Files/Folders - Created Within 30 Days ==========
[2010/09/05 02:22:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/09/04 23:15:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/09/04 14:11:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/09/04 04:03:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/04 03:51:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/03 09:00:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/09/03 08:58:46 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/09/03 08:55:45 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/09/03 08:50:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/08/31 14:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/08/31 13:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2010/08/31 13:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity
[2010/08/31 12:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Gutterball 2
[2010/08/31 12:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/08/31 12:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/08/28 21:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/28 21:43:03 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/28 21:42:45 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/28 21:42:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/28 21:42:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/28 21:42:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/25 21:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SITER SKAIN
[2010/08/25 21:37:22 | 000,249,856 | ---- | C] (nobukichi) -- C:\WINDOWS\eiunin21.exe
[2010/08/25 21:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\SITER SKAIN
[2010/08/24 09:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\CPWizard
[2008/03/28 20:22:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2006/12/02 15:16:07 | 000,131,072 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/09/05 02:43:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500UA.job
[2010/09/05 02:36:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/09/05 02:34:38 | 015,728,640 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/09/05 02:26:43 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/09/05 02:25:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/05 02:23:56 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/09/05 02:23:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/05 02:23:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 02:22:07 | 000,000,098 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/04 21:43:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500Core.job
[2010/09/04 13:50:10 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\b9d2lrlg.exe
[2010/09/04 05:22:49 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/04 05:04:08 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/04 04:48:32 | 000,488,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/04 04:48:32 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/04 04:48:32 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/04 04:01:16 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/04 03:52:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/04 00:55:16 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:55:16 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:44:50 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/09/03 13:22:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/31 12:46:05 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/08/23 20:23:48 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 19:59:24 | 000,008,199 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\radio free playlist.ods
[2010/08/10 19:12:39 | 000,080,228 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie24.jpg
[2010/08/10 19:12:24 | 000,093,268 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie23.jpg
[2010/08/10 19:12:03 | 000,073,784 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie22.jpg
[2010/08/10 19:11:52 | 000,090,950 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie21.jpg
[2010/08/10 19:11:40 | 000,050,896 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie20.jpg
[2010/08/10 19:11:30 | 000,066,279 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie19.jpg
[2010/08/10 19:11:20 | 000,058,321 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie18.jpg
[2010/08/10 19:10:53 | 000,048,757 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie16.jpg
[2010/08/10 19:10:40 | 000,069,390 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie15.jpg
[2010/08/10 19:10:29 | 000,076,516 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie14.jpg
[2010/08/10 19:10:19 | 000,083,011 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie13.jpg
[2010/08/10 19:10:03 | 000,065,049 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie12.jpg
[2010/08/10 19:09:51 | 000,076,395 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie11.jpg
[2010/08/10 19:09:42 | 000,092,232 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie10.jpg
[2010/08/10 19:09:31 | 000,068,093 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie9.jpg
[2010/08/10 19:09:18 | 000,077,329 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie8.jpg
[2010/08/10 19:08:57 | 000,082,510 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie7.jpg
[2010/08/10 19:08:31 | 000,061,112 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie6.jpg
[2010/08/10 19:08:21 | 000,072,537 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie5.jpg
[2010/08/10 19:08:11 | 000,080,832 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie4.jpg
[2010/08/10 19:07:52 | 000,060,865 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie3.jpg
[2010/08/10 19:07:34 | 000,074,183 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie2.jpg
[2010/08/10 19:07:20 | 000,084,577 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie1.jpg
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/04 13:50:50 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/09/04 13:50:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\b9d2lrlg.exe
[2010/09/04 04:01:16 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/04 00:55:16 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:23:02 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/08/31 12:46:05 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/08/23 19:59:10 | 000,008,199 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\radio free playlist.ods
[2010/08/10 19:12:39 | 000,080,228 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie24.jpg
[2010/08/10 19:12:24 | 000,093,268 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie23.jpg
[2010/08/10 19:12:02 | 000,073,784 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie22.jpg
[2010/08/10 19:11:52 | 000,090,950 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie21.jpg
[2010/08/10 19:11:40 | 000,050,896 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie20.jpg
[2010/08/10 19:11:30 | 000,066,279 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie19.jpg
[2010/08/10 19:11:20 | 000,058,321 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie18.jpg
[2010/08/10 19:10:53 | 000,048,757 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie16.jpg
[2010/08/10 19:10:39 | 000,069,390 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie15.jpg
[2010/08/10 19:10:29 | 000,076,516 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie14.jpg
[2010/08/10 19:10:19 | 000,083,011 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie13.jpg
[2010/08/10 19:10:03 | 000,065,049 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie12.jpg
[2010/08/10 19:09:51 | 000,076,395 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie11.jpg
[2010/08/10 19:09:42 | 000,092,232 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie10.jpg
[2010/08/10 19:09:31 | 000,068,093 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie9.jpg
[2010/08/10 19:09:18 | 000,077,329 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie8.jpg
[2010/08/10 19:08:57 | 000,082,510 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie7.jpg
[2010/08/10 19:08:30 | 000,061,112 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie6.jpg
[2010/08/10 19:08:21 | 000,072,537 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie5.jpg
[2010/08/10 19:08:10 | 000,080,832 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie4.jpg
[2010/08/10 19:07:51 | 000,060,865 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie3.jpg
[2010/08/10 19:07:34 | 000,074,183 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie2.jpg
[2010/08/10 19:07:19 | 000,084,577 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie1.jpg
[2010/03/27 21:34:40 | 000,014,948 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\PqdPe6YoKQ5
[2010/03/27 21:34:40 | 000,014,948 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PqdPe6YoKQ5
[2010/01/13 20:29:34 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
[2009/06/27 20:32:46 | 000,002,953 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\movie_gui_builder.pref
[2009/06/27 20:32:45 | 000,003,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\movie_gui_builder_layout.xml
[2009/06/27 20:32:25 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\movie_gui_builder_sync.pref
[2009/05/22 08:17:52 | 000,001,549 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2009/02/26 11:39:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/14 15:20:06 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/12/14 15:20:05 | 000,000,817 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/12/14 15:18:41 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/14 15:18:41 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/12/14 15:08:51 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/12/14 15:08:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2008/12/14 14:58:45 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/06/06 12:01:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\w32apiw.dll
[2008/03/28 20:22:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2008/03/28 20:22:32 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2008/03/28 20:22:32 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/03/27 20:54:48 | 000,225,354 | ---- | C] () -- C:\WINDOWS\System32\EMSTrioFF.DLL
[2008/03/27 20:54:46 | 003,239,936 | ---- | C] () -- C:\WINDOWS\System32\EMSTrioCP.dll
[2008/03/27 20:54:46 | 000,003,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\FltrKbd.SYS
[2008/03/19 11:53:37 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/10 14:47:33 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/01/15 13:19:23 | 000,008,685 | ---- | C] () -- C:\WINDOWS\boc425.ini
[2008/01/08 09:20:35 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2007/10/17 16:10:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DirSize.dll
[2007/09/29 23:23:43 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\32985ae5-e1a2-444b-a036-f62f31304442.dll
[2007/09/20 18:05:16 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/09/20 18:05:14 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 18:05:14 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/20 18:05:13 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/20 18:05:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/06/10 22:32:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoscan.dll
[2007/05/06 14:37:44 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/05/06 14:35:02 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2007/05/06 14:35:00 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2007/05/03 10:55:50 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/12 00:51:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2007/04/08 18:05:26 | 000,000,250 | ---- | C] () -- C:\WINDOWS\mgutil_reg.ini
[2007/04/08 18:03:17 | 000,000,007 | ---- | C] () -- C:\WINDOWS\mgutil_win.ini
[2007/04/08 17:14:49 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/03/09 09:01:48 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007/03/09 09:01:48 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2007/02/14 21:39:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/02/01 14:02:57 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/26 14:08:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/18 17:10:35 | 000,000,361 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/01/11 08:28:30 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/01/10 06:07:11 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/01/05 17:03:13 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/12/02 18:07:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/12/02 15:20:23 | 000,100,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 23:20:56 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ProtoWall.sys
[2004/07/10 20:35:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/28 12:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/03/09 15:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2006/01/20 08:56:27 | 016,736,075 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/06 20:29:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/12/06 20:29:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2006/01/20 08:56:27 | 016,736,075 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/06 20:29:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/12/06 20:29:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2005/11/04 21:45:54 | 000,095,616 | ---- | M] (Microsoft Corporation) MD5=C4B52426B79C6F6664B70B8E63B1B837 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/10/06 08:12:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/10/06 08:12:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/10/06 08:12:08 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:743A8968
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rundll32.exe:SummaryInformation
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
-
Here is the Extras file, in parts.
-
OTL Extras logfile created on: 9/5/2010 2:43:11 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 14.43 Gb Free Space | 19.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298.09 Gb Total Space | 33.25 Gb Free Space | 11.15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WAYNE
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OverDisk] -- "C:\Program Files\OverDisk\OverDisk.exe" "%1" (Elias Fotinis)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"31697:TCP" = 31697:TCP:*:Enabled:remdesk
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"51013:TCP" = 51013:TCP:*:Enabled:tcp
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9100:TCP" = 9100:TCP:*:Enabled:print
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
-
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\Win32\RpcDataSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service -- (SiSoftware)
"C:\Program Files\TightVNC\WinVNC.exe" = C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- (TightVNC Group)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Steam\steamapps\common\droplitz\Cascade.exe" = C:\Program Files\Steam\steamapps\common\droplitz\Cascade.exe:*:Enabled:Droplitz -- ()
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe" = C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Disabled:Foxit PDF Editor, the first REAL editor for PDF files! -- (Foxit Software Company)
"C:\Documents and Settings\Administrator\Desktop\New Folder\utorrent.exe" = C:\Documents and Settings\Administrator\Desktop\New Folder\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}" = EverNote 2 Plus
"{01BD17DF-FF2B-465F-89EA-507309553A59}_is1" = HyperPin 0.5.0.0
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATIRW2
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3F9FB449-93DB-4C47-BB5B-7334C4D1736E}" = SD Formatter
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 4
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6A6C087B-17F4-4A90-8542-85F0BFB58B16}" = SigmaTel MTPMSCN Audio Player
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 TBYB
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8E0D233D-8B06-47A1-BA22-3A767CCD69E3}" = WinPatrol
"{8F04AE70-9C11-11DF-8F84-005056C00008}" = Google Earth Plug-in
"{92B79901-C57D-409F-8D2F-4E5337383569}" = OpenOffice.org 3.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1
"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
"{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1" = Fast Duplicate File Finder 1.1.0.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B396D04E-FDD9-45D1-9345-F1132E444185}" = NetInfo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1033}" = Nero 7 Ultra Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Engineer XI.SP1 (Win64/32/CE)
"{C3FDA1E4-1E17-48D8-B4F0-C141E9FFB4BA}" = nullDC 1.0.0 Public Beta 1 Setup
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D9226EB1-C528-48AC-B423-BD9240E1F60B}" = Opera 9.62
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DDBD3156-5939-4E73-95B4-6BA111A37D25}" = WDTV MSG
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EDE28287-D32C-415E-9C97-2BF9F9260150}" = ATI Decoder
"{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}" = Intel(R) PROSet
"{EF857B8B-127D-4473-8936-2060EE3AD14C}" = Podcast Station 2.1
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AnalogX NetStat Live" = AnalogX NetStat Live
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"AutoHotkey" = AutoHotkey 1.0.48.05
"BFGC" = Big Fish Games: Game Manager
"BFG-Gutterball 2" = Gutterball 2
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"CPWizard_is1" = CPWizard 2.35
"Defraggler" = Defraggler
"Disk Space Fan_is1" = Disk Space Fan 1.4.2.796
"DWG TrueView 2011" = DWG TrueView 2011
"Dyson_is1" = Dyson v1.20
"Exact Audio Copy" = Exact Audio Copy 0.95b4
"FLAC" = FLAC Installer 1.1.3b (remove only)
"foobar2000" = foobar2000 v1.0
"Foxit PDF Editor" = Foxit PDF Editor
"Future Pinball_is1" = Future Pinball
"Gaim" = Gaim (remove only)
"GetBot" = GetBot
"Glary Undelete_is1" = Glary Undelete 1.3
"Glary Utilities_is1" = Glary Utilities Pro 2.18.0.786
"GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only)
"Handbrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn (Remove Only)
"InstallShield_{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATI Remote Wonder 2.3
"InstallShield_{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center 9.01
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{EDE28287-D32C-415E-9C97-2BF9F9260150}" = ATI Decoder
"Jets N Guns GOLD_is1" = Jets N Guns GOLD
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.0 Full
"LastFM_is1" = Last.fm 1.5.4.24567
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mame Compiler 64_is1" = Mame Compiler 64 v1.19
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaInfo" = MediaInfo 0.7.16
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nCleaner" = nCleaner second 2.3.4.0
"NetBalancer_is1" = NetBalancer
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"OpenAL" = OpenAL
"OverDisk" = OverDisk (remove only)
"PeerGuardian_is1" = PeerGuardian 2.0
"PFConfig" = PFConfig 1.0.187
"Picasa 3" = Picasa 3
"Ping Plotter Freeware" = Ping Plotter Freeware
"PowerISO" = PowerISO
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RadarSync" = RadarSync
"RAM Saver Pro" = RAM Saver Pro
"Recuva" = Recuva (remove only)
"RefleX Trial" = RefleX(Trial)
"Steam App 11020" = TrackMania Nations Forever
"Steam App 11900" = Lumines
"Steam App 11920" = Lumines: Advanced Pack
"Steam App 12910" = Audiosurf Demo
"Steam App 16600" = RedLynx Trials 2: Second Edition
"Steam App 23120" = Droplitz
"Steam App 26810" = Braid Demo
"Steam App 27610" = MEVO & the Grooveriders Demo
"Steam App 34920" = Razor2: Hidden Skies
"Steam App 39000" = Moonbase Alpha
"Steam App 400" = Portal
"Steam App 630" = Alien Swarm
"Super Mario All-Stars & World_is1" = Super Mario All-Stars & World
"The Blocklist Manager_is1" = BLM 2.6.5
"The Print Shop 10.0" = The Print Shop
"TightVNC_is1" = TightVNC 1.3.9
"VLC media player" = VLC media player 1.0.1
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Updates Downloader" = Windows Updates Downloader
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinPatrol 2007" = WinPatrol 2007 Restore/Remove First
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wootalyzer" = Wootalyzer!
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
-
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3D Starstrike" = 3D Starstrike
"Flux" = F.lux
"Google Chrome" = Google Chrome
"Sansa Updater" = Sansa Updater
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/4/2010 1:44:02 AM | Computer Name = WAYNE | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/4/2010 2:07:33 AM | Computer Name = WAYNE | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.6103.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.
Error - 9/4/2010 3:17:13 AM | Computer Name = WAYNE | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/4/2010 4:48:18 AM | Computer Name = WAYNE | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.6103.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.
Error - 9/4/2010 5:00:58 AM | Computer Name = WAYNE | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/4/2010 5:08:39 AM | Computer Name = WAYNE | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 9/4/2010 6:30:03 AM | Computer Name = WAYNE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6103.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.
Error - 9/4/2010 6:32:00 AM | Computer Name = WAYNE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6103.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.
Error - 9/4/2010 2:20:37 PM | Computer Name = WAYNE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6103.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.
Error - 9/4/2010 2:25:46 PM | Computer Name = WAYNE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6103.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.
[ System Events ]
Error - 9/5/2010 12:38:03 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:38:03 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:38:03 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:38:04 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:38:05 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:38:05 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:40:28 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 12:40:28 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 1:23:06 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error - 9/5/2010 3:21:48 AM | Computer Name = WAYNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
< End of report >
-
Download Delete Domains from here and run it. It will delete all entries from the trusted and restricted zone.
==============
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
SRV - File not found [On_Demand | Stopped] -- -- (x10nets)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\TEMP\001725~1.EXE -- (0017251259724200mcinstcleanup) McAfee Application Installer Cleanup (0017251259724200)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hitmanpro3.sys -- (hitmanpro3)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwdx)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\Administrator\Local Settings\Apps\F.lux\flux.exe ()
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\windows\system32\doyisege.dll) - C:\WINDOWS\System32\doyisege.dll File not found
O20 - AppInit_DLLs: (refobaju.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\fofarohi.dll) - C:\WINDOWS\System32\fofarohi.dll File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O22 - SharedTaskScheduler: {84d5b3a9-1826-44a1-b352-c57bd47fbfb4} - gahurihor - C:\WINDOWS\System32\fofarohi.dll File not found
O22 - SharedTaskScheduler: {de416087-ce24-4659-a17c-363d0d6d50f4} - mujuzedij - Reg Error: Value error. File not found
[2010/03/27 21:34:40 | 000,014,948 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\PqdPe6YoKQ5
[2010/03/27 21:34:40 | 000,014,948 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PqdPe6YoKQ5
:Commands
[emptytemp]
[resethosts]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, reboot the PC when it is done.
- Post log from this run.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
All processes killed
========== OTL ==========
Service x10nets stopped successfully!
Service x10nets deleted successfully!
Service iPod Service stopped successfully!
Service iPod Service deleted successfully!
Service AVG Security Toolbar Service stopped successfully!
Service AVG Security Toolbar Service deleted successfully!
File C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe not found.
Error: No service named 0017251259724200mcinstcleanup) McAfee Application Installer Cleanup (0017251259724200 was found to stop!
Service\Driver key 0017251259724200mcinstcleanup) McAfee Application Installer Cleanup (0017251259724200 not found.
File C:\WINDOWS\TEMP\001725~1.EXE not found.
Service VMnetAdapter stopped successfully!
Service VMnetAdapter deleted successfully!
File C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys not found.
Service hitmanpro3 stopped successfully!
Service hitmanpro3 deleted successfully!
File C:\WINDOWS\System32\drivers\hitmanpro3.sys not found.
Service Avgfwfd stopped successfully!
Service Avgfwfd deleted successfully!
File C:\WINDOWS\System32\DRIVERS\avgfwdx.sys not found.
Service Avgfwdx stopped successfully!
Service Avgfwdx deleted successfully!
File C:\WINDOWS\System32\DRIVERS\avgfwdx.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\F.lux deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Apps\F.lux\flux.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\doyisege.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:refobaju.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fofarohi.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{84d5b3a9-1826-44a1-b352-c57bd47fbfb4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84d5b3a9-1826-44a1-b352-c57bd47fbfb4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{de416087-ce24-4659-a17c-363d0d6d50f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de416087-ce24-4659-a17c-363d0d6d50f4}\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\PqdPe6YoKQ5 moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\PqdPe6YoKQ5 moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 874669089 bytes
->Temporary Internet Files folder emptied: 10963863 bytes
->Java cache emptied: 35286767 bytes
->FireFox cache emptied: 38172062 bytes
->Google Chrome cache emptied: 87160495 bytes
->Opera cache emptied: 18194054 bytes
->Flash cache emptied: 3820 bytes
User: All Users
User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
User: melissa
->FireFox cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 455736 bytes
->Temporary Internet Files folder emptied: 32902 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2302807559 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 63439570 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 217492 bytes
Total Files Cleaned = 3,273.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.11.0 log created on 09052010_130359
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\S2E46D426.tmp scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\TMP0000000211D8C33330482D0F not found!
Registry entries deleted on Reboot...
-----
Thanks so far
-
When I ran OTL again, I received an error message:
Exception Processing Message c0000013 Parameters 75b6bf7fc 4 75b6b7c 75b6b7c
with the options Cancel, Try Again and Continue,
so I pressed Continue.
-
OTL logfile created on: 9/5/2010 1:20:39 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 17.51 Gb Free Space | 23.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298.09 Gb Total Space | 33.25 Gb Free Space | 11.15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WAYNE
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/05 08:32:05 | 000,654,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch1.exe
PRC - [2010/09/04 03:52:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
PRC - [2010/09/01 07:23:10 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/07/25 18:04:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/14 21:38:32 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/06/01 12:37:48 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MpSigStub.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2010/02/18 12:13:58 | 000,059,904 | ---- | M] (SeriousBit) -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/04/21 12:02:43 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/09/30 17:45:00 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 17:43:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 16:46:44 | 000,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008/04/11 15:13:52 | 001,085,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/03/10 14:44:32 | 001,380,552 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
PRC - [2008/01/31 18:27:04 | 000,118,784 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2007/10/11 20:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/04/09 07:23:11 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/04/03 13:54:38 | 000,271,936 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2004/06/15 23:17:38 | 000,069,705 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
PRC - [2004/01/09 05:54:06 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/10/23 11:15:08 | 000,086,016 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
========== Modules (SafeList) ==========
MOD - [2010/09/04 03:52:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/04/03 13:54:50 | 000,063,032 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\TEMP\001725~1.EXE -- (0017251259724200mcinstcleanup) McAfee Application Installer Cleanup (0017251259724200)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/15 11:28:20 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/01/08 10:11:25 | 000,366,704 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- c:\program files\a-squared free\a2service.exe -- (a2free)
SRV - [2007/02/02 01:06:46 | 000,118,784 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007/02/02 00:53:18 | 001,323,184 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2002/09/27 12:56:20 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
========== Driver Services (SafeList) ==========
DRV - [2010/09/01 07:23:16 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/07 20:12:07 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/07 20:12:07 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/09 11:49:42 | 000,022,528 | ---- | M] (SeriousBit) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nbdrv.sys -- (Nbdrv)
DRV - [2009/08/03 13:33:46 | 000,040,960 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel)
DRV - [2008/03/27 21:01:40 | 000,009,744 | ---- | M] (EMS Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TLKerII.SYS -- (TrioLinkerII)
DRV - [2008/03/19 11:53:38 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/08 09:20:35 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MS1000.sys -- (MS1000)
DRV - [2007/08/07 14:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/08/01 23:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/07/14 21:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pstrip.sys -- (PStrip)
DRV - [2007/06/15 22:05:42 | 000,002,554 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\kwflower.log -- (kwflower)
DRV - [2007/06/07 16:48:57 | 000,097,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/05/25 14:55:04 | 000,065,024 | ---- | M] (Kerio Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kvpndrv.sys -- (kvpndev)
DRV - [2007/04/09 07:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/03/20 11:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2007/02/15 19:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007/01/23 16:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 16:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/01/23 16:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/12/12 12:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/09/03 10:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/01 23:20:56 | 000,023,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ProtoWall.sys -- (ProtoWall)
DRV - [2005/08/15 12:08:26 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2005/08/15 12:08:26 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/10/15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/07/10 20:37:02 | 000,747,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004/03/23 21:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2004/01/10 02:17:02 | 000,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/01/07 17:04:00 | 000,339,488 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB20XP.sys -- (PRISM_A02)
DRV - [2003/12/15 12:28:46 | 000,257,872 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II)
DRV - [2003/12/12 02:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002/10/16 01:11:22 | 000,019,968 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
-
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {45d8ff86-d909-11db-9705-005056c00008}:1.0.2
FF - prefs.js..extensions.enabledItems: feedly@devhd:3.x
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.721
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100823
FF - prefs.js..extensions.enabledItems: [email protected]d:1.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/27 14:09:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/09/03 09:02:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/03 13:23:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 21:42:54 | 000,000,000 | ---D | M]
[2008/12/05 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/09/04 23:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions
[2010/09/02 11:50:49 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/16 13:56:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/14 09:37:59 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2010/02/17 17:35:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/02 11:50:44 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/18 10:08:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/02 11:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/04/14 09:50:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/14 09:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/01/28 15:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/09/02 11:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\feedly@devhd
[2010/09/02 11:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/04/18 13:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/03/28 07:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/06/14 09:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
[2010/09/02 11:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\feedly@devhd\content\app\extension
[2010/01/25 05:32:47 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\amazondotcom.xml
[2007/10/17 12:47:35 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\bitmetvorg.xml
[2009/06/12 09:23:15 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\ebay.xml
[2007/05/01 01:01:34 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\siteadvisor.gif
[2007/05/01 01:01:34 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\siteadvisor.src
[2007/05/01 01:00:26 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\siteadvisor.xml
[2009/04/07 16:06:10 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\youtube-video-search.xml
[2010/09/04 12:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/13 16:05:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/27 20:27:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/28 21:44:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2007/03/22 10:45:00 | 000,385,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
O1 HOSTS File: ([2010/09/05 13:05:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\atidtct.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PowerStrip] c:\Program Files\PowerStrip\PStrip.exe (EnTech Taiwan)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKCU..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe (SeriousBit)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartmenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
-
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/ho...vex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/26 00:59:34 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/10/06 14:31:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{89b2a319-5535-11db-91e3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{89b2a319-5535-11db-91e3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89b2a319-5535-11db-91e3-806d6172696f}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 90 Days ==========
[2010/09/05 13:03:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/05 03:20:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/09/04 23:15:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/09/04 14:11:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/09/04 04:03:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/04 03:51:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/03 08:50:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/08/31 14:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/08/31 13:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2010/08/31 13:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity
[2010/08/31 12:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Gutterball 2
[2010/08/31 12:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/08/31 12:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/08/28 21:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/25 21:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SITER SKAIN
[2010/08/25 21:37:22 | 000,249,856 | ---- | C] (nobukichi) -- C:\WINDOWS\eiunin21.exe
[2010/08/25 21:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\SITER SKAIN
[2010/08/24 09:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\CPWizard
[2010/07/28 19:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2010/07/28 19:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2010/07/26 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010/07/26 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010/07/26 19:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Autodesk
[2010/07/26 19:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2010/07/26 19:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/07/26 00:59:34 | 000,000,000 | ---D | C] -- C:\Autodesk
[2010/07/13 11:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/07/13 11:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/06/09 21:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010/06/09 21:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.thumbnails
[2010/06/09 21:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\gegl-0.0
[2010/06/09 21:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2008/03/28 20:22:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2006/12/02 15:16:07 | 000,131,072 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/09/05 13:13:06 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/09/05 13:08:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/05 13:07:34 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/09/05 13:07:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/05 13:07:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 13:05:46 | 015,728,640 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/09/05 13:05:46 | 000,000,098 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/05 13:05:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/05 13:00:11 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DelDomains.inf
[2010/09/05 02:43:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500UA.job
[2010/09/05 02:36:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/09/04 21:43:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500Core.job
[2010/09/04 13:50:10 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\b9d2lrlg.exe
[2010/09/04 05:22:49 | 000,305,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/04 05:04:08 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/04 04:48:32 | 000,488,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/04 04:48:32 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/04 04:48:32 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/04 04:01:16 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/04 03:52:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/04 00:55:16 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:55:16 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:44:50 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/09/03 13:22:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/31 12:46:05 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/08/23 20:23:48 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 19:59:24 | 000,008,199 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\radio free playlist.ods
[2010/08/10 19:12:39 | 000,080,228 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie24.jpg
[2010/08/10 19:12:24 | 000,093,268 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie23.jpg
[2010/08/10 19:12:03 | 000,073,784 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie22.jpg
[2010/08/10 19:11:52 | 000,090,950 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie21.jpg
[2010/08/10 19:11:40 | 000,050,896 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie20.jpg
[2010/08/10 19:11:30 | 000,066,279 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie19.jpg
[2010/08/10 19:11:20 | 000,058,321 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie18.jpg
[2010/08/10 19:10:53 | 000,048,757 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie16.jpg
[2010/08/10 19:10:40 | 000,069,390 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie15.jpg
[2010/08/10 19:10:29 | 000,076,516 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie14.jpg
[2010/08/10 19:10:19 | 000,083,011 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie13.jpg
[2010/08/10 19:10:03 | 000,065,049 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie12.jpg
[2010/08/10 19:09:51 | 000,076,395 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie11.jpg
[2010/08/10 19:09:42 | 000,092,232 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie10.jpg
[2010/08/10 19:09:31 | 000,068,093 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie9.jpg
[2010/08/10 19:09:18 | 000,077,329 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie8.jpg
[2010/08/10 19:08:57 | 000,082,510 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie7.jpg
[2010/08/10 19:08:31 | 000,061,112 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie6.jpg
[2010/08/10 19:08:21 | 000,072,537 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie5.jpg
[2010/08/10 19:08:11 | 000,080,832 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie4.jpg
[2010/08/10 19:07:52 | 000,060,865 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie3.jpg
[2010/08/10 19:07:34 | 000,074,183 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie2.jpg
[2010/08/10 19:07:20 | 000,084,577 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cookie1.jpg
[2010/07/31 13:48:57 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2010/07/31 13:48:29 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/27 21:30:35 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/26 19:56:42 | 000,084,464 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/25 19:56:25 | 003,176,378 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/07 10:16:22 | 000,018,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Sci fi reading list.ods
[2010/06/09 21:31:31 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
\32985ae5-e1a2-444b-a036-f62f31304442.dll
[2007/09/20 18:05:16 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/09/20 18:05:14 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 18:05:14 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/20 18:05:13 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/20 18:05:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/06/10 22:32:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoscan.dll
[2007/05/06 14:37:44 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/05/06 14:35:02 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2007/05/06 14:35:00 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2007/05/03 10:55:50 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/12 00:51:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2007/04/08 18:05:26 | 000,000,250 | ---- | C] () -- C:\WINDOWS\mgutil_reg.ini
[2007/04/08 18:03:17 | 000,000,007 | ---- | C] () -- C:\WINDOWS\mgutil_win.ini
[2007/04/08 17:14:49 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/03/09 09:01:48 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007/03/09 09:01:48 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2007/02/14 21:39:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/02/01 14:02:57 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/26 14:08:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/18 17:10:35 | 000,000,361 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/01/11 08:28:30 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/01/10 06:07:11 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/01/05 17:03:13 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/12/02 18:07:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/12/02 15:20:23 | 000,100,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 23:20:56 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ProtoWall.sys
[2004/07/10 20:35:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/28 12:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/03/09 15:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
-
========== Files Created - No Company Name ==========
[2010/09/05 13:00:04 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DelDomains.inf
[2010/09/04 13:50:50 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/09/04 13:50:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\b9d2lrlg.exe
[2010/09/04 04:01:16 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/04 00:55:16 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/04 00:23:02 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/08/31 12:46:05 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/08/23 19:59:10 | 000,008,199 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\radio free playlist.ods
[2010/08/10 19:12:39 | 000,080,228 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie24.jpg
[2010/08/10 19:12:24 | 000,093,268 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie23.jpg
[2010/08/10 19:12:02 | 000,073,784 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie22.jpg
[2010/08/10 19:11:52 | 000,090,950 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie21.jpg
[2010/08/10 19:11:40 | 000,050,896 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie20.jpg
[2010/08/10 19:11:30 | 000,066,279 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie19.jpg
[2010/08/10 19:11:20 | 000,058,321 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie18.jpg
[2010/08/10 19:10:53 | 000,048,757 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie16.jpg
[2010/08/10 19:10:39 | 000,069,390 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie15.jpg
[2010/08/10 19:10:29 | 000,076,516 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie14.jpg
[2010/08/10 19:10:19 | 000,083,011 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie13.jpg
[2010/08/10 19:10:03 | 000,065,049 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie12.jpg
[2010/08/10 19:09:51 | 000,076,395 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie11.jpg
[2010/08/10 19:09:42 | 000,092,232 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie10.jpg
[2010/08/10 19:09:31 | 000,068,093 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie9.jpg
[2010/08/10 19:09:18 | 000,077,329 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie8.jpg
[2010/08/10 19:08:57 | 000,082,510 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie7.jpg
[2010/08/10 19:08:30 | 000,061,112 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie6.jpg
[2010/08/10 19:08:21 | 000,072,537 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie5.jpg
[2010/08/10 19:08:10 | 000,080,832 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie4.jpg
[2010/08/10 19:07:51 | 000,060,865 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie3.jpg
[2010/08/10 19:07:34 | 000,074,183 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie2.jpg
[2010/08/10 19:07:19 | 000,084,577 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cookie1.jpg
[2010/07/27 21:30:35 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/27 21:30:35 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/07/26 19:36:38 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/07 10:16:14 | 000,018,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Sci fi reading list.ods
[2010/06/14 21:38:50 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500UA.job
[2010/06/14 21:38:49 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1482476501-725345543-500Core.job
[2010/06/09 21:31:31 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/01/13 20:29:34 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
[2009/06/27 20:32:46 | 000,002,953 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\movie_gui_builder.pref
[2009/06/27 20:32:45 | 000,003,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\movie_gui_builder_layout.xml
[2009/06/27 20:32:25 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\movie_gui_builder_sync.pref
[2009/05/22 08:17:52 | 000,001,549 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2009/02/26 11:39:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/14 15:20:06 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/12/14 15:20:05 | 000,000,817 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/12/14 15:18:41 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/14 15:18:41 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/12/14 15:08:51 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/12/14 15:08:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2008/12/14 14:58:45 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/06/06 12:01:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\w32apiw.dll
[2008/03/28 20:22:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2008/03/28 20:22:32 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2008/03/28 20:22:32 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/03/27 20:54:48 | 000,225,354 | ---- | C] () -- C:\WINDOWS\System32\EMSTrioFF.DLL
[2008/03/27 20:54:46 | 003,239,936 | ---- | C] () -- C:\WINDOWS\System32\EMSTrioCP.dll
[2008/03/27 20:54:46 | 000,003,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\FltrKbd.SYS
[2008/03/19 11:53:37 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/10 14:47:33 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/01/15 13:19:23 | 000,008,685 | ---- | C] () -- C:\WINDOWS\boc425.ini
[2008/01/08 09:20:35 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2007/10/17 16:10:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DirSize.dll
[2007/09/29 23:23:43 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\32985ae5-e1a2-444b-a036-f62f31304442.dll
[2007/09/20 18:05:16 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/09/20 18:05:14 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 18:05:14 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/20 18:05:13 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/20 18:05:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/06/10 22:32:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\autoscan.dll
[2007/05/06 14:37:44 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/05/06 14:35:02 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2007/05/06 14:35:00 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2007/05/03 10:55:50 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/12 00:51:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2007/04/08 18:05:26 | 000,000,250 | ---- | C] () -- C:\WINDOWS\mgutil_reg.ini
[2007/04/08 18:03:17 | 000,000,007 | ---- | C] () -- C:\WINDOWS\mgutil_win.ini
[2007/04/08 17:14:49 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/03/09 09:01:48 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007/03/09 09:01:48 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2007/02/14 21:39:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/02/01 14:02:57 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/26 14:08:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/18 17:10:35 | 000,000,361 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/01/11 08:28:30 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/01/10 06:07:11 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/01/05 17:03:13 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/12/02 18:07:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/12/02 15:20:23 | 000,100,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 23:20:56 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ProtoWall.sys
[2004/07/10 20:35:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/28 12:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/03/09 15:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
-
========== LOP Check ==========
[2010/08/24 20:02:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\Application Data\.#
[2007/03/20 23:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.gaim
[2009/11/24 20:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Armagetron
[2009/08/25 14:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Atlus
[2010/07/26 19:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2010/03/30 08:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG9
[2010/01/14 20:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2007/03/27 10:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BPFTP
[2007/01/20 17:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DeepBurner
[2010/09/03 12:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DiskSpaceFan
[2008/04/08 14:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDFab
[2008/01/15 14:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2010/05/13 08:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Folding@home-x86
[2010/01/14 20:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\foobar2000
[2007/01/11 10:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetBot
[2010/01/14 19:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
[2010/06/09 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010/01/13 20:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IndigoRose
[2008/11/19 19:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iPodder
[2009/04/06 21:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\johnsadventures.com
[2007/06/13 22:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kerio
[2007/06/24 09:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2007/03/20 10:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Map Maker
[2009/09/25 19:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Masque
[2009/06/18 16:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2008/06/06 12:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\nCleaner
[2007/09/04 23:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\netz
[2008/11/18 15:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2008/12/05 11:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2009/10/24 08:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC-FAX TX
[2009/11/10 10:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PeaZip
[2010/01/13 20:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\runic games
[2010/01/26 10:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Safer Networking
[2009/01/06 08:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SanDisk
[2008/12/14 15:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2010/03/28 22:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SeriousBit
[2010/08/25 21:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SITER SKAIN
[2008/05/28 21:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SlySoft
[2007/03/21 23:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SmartDraw
[2007/05/26 12:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish
[2007/01/12 14:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
[2010/08/31 13:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2010/08/31 15:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/01/13 20:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2007/04/12 00:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2007/04/21 01:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wireshark
[2010/03/02 13:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\wootalyzer
[2007/01/21 23:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\X10 Commander
[2009/02/19 20:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\23-81-61-55-53-55
[2007/02/01 14:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-5p-s6-rr-30-os
[2009/11/24 20:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2010/07/26 19:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/09/03 09:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/09/03 11:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/01/21 22:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2008/01/15 14:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/09/28 21:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2008/11/09 19:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/12/30 14:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro 3
[2008/08/14 14:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/02/05 22:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008/04/20 14:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/09/25 19:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Masque
[2010/08/31 14:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/12/14 23:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/01/07 11:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2008/12/14 14:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/03/10 14:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/08/31 13:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/05 21:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/03/31 20:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valve
[2008/03/28 21:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/04/05 10:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/03/21 12:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2010/09/05 13:07:34 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:743A8968
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rundll32.exe:SummaryInformation
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
-
-
It's noticeably quicker once everything is loaded. However, the PC boots slower than the netbook (I don't know if that's a fair comparison or not). A few more days of use and I might get a better impression.
I can't tell from the logs if it's clean, but there are some weirdly named *.dll files. Even if everything is clean, I feel like I need to pare down the installed programs anyhow. For example, I have a folder @ C:\$AVG\$VAULT I would like to get rid of if I decide to upgrade to WIN7.
Thanks for your help so far, there is a marked improvement from when I first registered.
-
Go into msconfig and disable any startup entries that are unnecessary. Apply the settings and OK out. Reboot the system and see how it is now.
-
-
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
==
Let me know if there is anything else we can help with.
-
I ran the OTC tool. Thanks for your help.
-