JFS.exe Redirect error/virus

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Page 1 of 1

You cannot start a new topic
This topic is locked

JFS.exe Redirect error/virus

#1 ravens615

Member

Group: Members
Posts: 28
Joined: 07-April 11

Posted 07 April 2011 - 11:56 PM

Hello,

Today I was searching for a video converter and downloaded 2 separate ones eventually. I am usually very very careful, but seems I got a virus off some fishy website while I was searching. I noticed my computer was lagging so I brought up task manager; CPU Usage was at 99%. I terminated the program "jfs.exe" as I felt it was causing the problem and shouldn't be there. After going on google with Mozilla Firefox, my search results showed it was true - this crap was a virus. Clicking on some links, I quickly found I was redirected. Regardless of what I search, I am redirected to a random website that is way off of what I was going for. I can still access some websites through mozilla either by copy pasting the url or by working my way around just a simple hyperlink click. At the moment, I am using chrome because it isn't infected or problematic at all. Anyways, when I searched for "jfs virus removal" in firefox, my computer automatically rebooted itself. I don't know if it was coincidental or prompted, but I knew it was the beginning of a headache.

I currently am scanning my comp with Malwarebyes anti-malware, but skimming the surface of a few similar problems, I expect it to come up empty. I have HiJack this ready and I am also ready to listen to whatever needs to be done.

Thanks for all the help!

For the sake of saving time, here is a HJT Log in case it will be requested...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:47 PM, on 4/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\FORINS~1\LOCALS~1\Temp\Fji.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\Fkypaa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\notmbam.exe
C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\no u.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-results.com?o=41647951&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: D-Link Toolbar Search Class - {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files\D-Link Toolbar\dlinktb.dll
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: D-Link Toolbar Loader - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files\D-Link Toolbar\dlinktb.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: D-Link Toolbar - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files\D-Link Toolbar\dlinktb.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [Q7NZMT7RLB] C:\DOCUME~1\FORINS~1\LOCALS~1\Temp\Fjh.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?9cd6e855a1c74d7497d4e1c7bf405e3f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?9cd6e855a1c74d7497d4e1c7bf405e3f
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 17027 bytes

EDIT: MBAM Results actually did come with something -
Malwarebytes' Anti-Malware 1.34
Database version: 1835
Windows 5.1.2600 Service Pack 3

4/7/2011 11:15:06 PM
mbam-log-2011-04-07 (23-15-06).txt

Scan type: Full Scan (C:\|H:\|)
Objects scanned: 245138
Time elapsed: 1 hour(s), 26 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Search Toolbar\SearchToolbar.dll (Adware.BHO) -> Quarantined and deleted successfully.

This post has been edited by ravens615: 08 April 2011 - 01:16 AM

#2 heir

Distinguished Member

Group: Malware Response Team
Posts: 763
Joined: 24-February 08
Gender:Male

Posted 08 April 2011 - 02:19 AM

Please read the guidelines for this forum above this topic.

And follow: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Post the required logs in your reply.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!

Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click

#3 ravens615

Member

Group: Members
Posts: 28
Joined: 07-April 11

Posted 08 April 2011 - 03:31 PM

Alright, GMER finally ran and I have all the results. Sorry for not following the guidelines before. Here you go....Thanks again!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by For Installation at 5:46:36.85 on Fri 04/08/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1214 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\FORINS~1\LOCALS~1\Temp\Fji.exe
C:\WINDOWS\Fkypaa.exe
C:\Documents and Settings\For Installation\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search-results.com?o=41647951&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLR
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - c:\program files\d-link toolbar\dlinktb.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - c:\program files\d-link toolbar\dlinktb.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [MtdAcqu] "c:\program files\creative\mediasource5\MtdAcqu.exe" /s
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\for installation\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [Q7NZMT7RLB] c:\docume~1\forins~1\locals~1\temp\Fjh.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [vptray] c:\progra~1\symant~1\vptray.exe
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Search
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?9cd6e855a1c74d7497d4e1c7bf405e3f
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?9cd6e855a1c74d7497d4e1c7bf405e3f
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\forins~1\applic~1\mozilla\firefox\profiles\do21rdkv.default\
FF - prefs.js: browser.search.selectedEngine - Search-Results
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=BBY2-SRS&o=102345&locale=en_US&apn_uid=89BA245F-713C-4DAF-928F-BA69DFEF55E0&apn_ptnrs=Q5&apn_sauid=B209831C-885D-49BD-AC60-6FEEA5EB45C0&apn_dtid=YYYYYYS2US&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\for installation\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\for installation\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\for installation\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: vShare Plugin: vshareus@toolbar - %profile%\extensions\vshareus@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\for installation\application data\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-7-13 10384]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec norton antivirus\Navapel.sys [2003-5-2 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\Rtvscan.exe [2003-5-21 610304]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\NAVAP.sys [2003-5-2 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081102.004\NAVENG.sys [2008-11-2 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081102.004\NAVEX15.sys [2008-11-2 873552]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-9-27 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-9-27 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-9-27 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-9-27 23680]
S3 usbser2k;Motorola USB Modem Driver from Win2K SP4;c:\windows\system32\drivers\usbser2k.sys [2006-10-24 22768]
S4 DNADownloader;DNADownloader;c:\program files\gamespot\DownloadManager_Win32.exe [2007-7-9 708608]
.
=============== Created Last 30 ================
.
2011-04-08 01:23:04 -------- d-----w- c:\docume~1\forins~1\locals~1\applic~1\Geckofx
2011-04-08 01:22:41 -------- d-----w- c:\program files\AviSynth 2.5
2011-04-08 01:19:57 163840 ----a-w- c:\windows\Fkypaa.exe
2011-04-08 01:19:42 150016 --sha-r- c:\windows\system32\NavLogon0.dll
2011-03-21 22:33:28 -------- d-----w- c:\docume~1\forins~1\applic~1\AskToolbar
2011-03-14 06:49:23 -------- d-----w- c:\docume~1\forins~1\locals~1\applic~1\AskToolbar
2011-03-14 06:34:08 142336 ----a-w- c:\program files\mozilla firefox\BabyFox.dll
2011-03-14 06:33:54 -------- d-----w- c:\program files\Babylon
2011-03-14 06:33:25 -------- d-----w- c:\program files\FoxTabVideoConverter
.
==================== Find3M ====================
.
2011-04-08 03:20:05 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-08 03:20:05 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-26 01:19:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-19 00:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2007-03-23 03:41:56 2450128 -c--a-w- c:\program files\xfire_installer_25432.exe
2006-09-12 01:20:05 21290704 -c--a-w- c:\program files\AdbeRdr708_en_US.exe
.
============= FINISH: 5:47:34.96 ===============

Looking at another topic with a search engine virus, I saw that an OTL log was requested. I would like to save as much time as possible, so I took the liberty of doing a scan. I figured it wouldn't hurt - don't mean to be impatient, just trying to speed up the process for us both. Here you go:

OTL logfile created on: 4/9/2011 7:19:16 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\For Installation\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 11.03 Gb Free Space | 14.80% Space Free | Partition Type: NTFS
Drive D: | 493.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 603.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KAREEM-DESKTOP | User Name: For Installation | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/09 07:19:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\For Installation\My Documents\Downloads\OTL.exe
PRC - [2011/04/08 22:23:50 | 001,667,072 | -HS- | M] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\foh.exe
PRC - [2011/03/23 10:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\For Installation\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/04/09 07:19:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\For Installation\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Disabled | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/04/29 19:56:32 | 005,065,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/04/29 19:56:22 | 000,245,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/04/29 19:56:20 | 000,061,856 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2007/07/09 23:17:56 | 000,708,608 | ---- | M] (CNET Networks) [Disabled | Stopped] -- C:\Program Files\GameSpot\DownloadManager_Win32.exe -- (DNADownloader)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/05/21 01:27:46 | 000,610,304 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec Norton AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 01:22:36 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec Norton AntiVirus\DefWatch.exe -- (DefWatch)

========== Driver Services (SafeList) ==========

DRV - [2011/04/08 18:22:22 | 000,137,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/10/07 01:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 01:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)
DRV - [2009/10/07 01:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/07 01:46:12 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/06/17 09:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 09:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/11/02 01:00:00 | 000,873,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081102.004\navex15.sys -- (NAVEX15)
DRV - [2008/11/02 01:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081102.004\naveng.sys -- (NAVENG)
DRV - [2008/04/14 01:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/01/14 03:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/10/11 19:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/06/18 15:19:50 | 000,017,920 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/15 03:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/05/07 15:11:22 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/01/22 19:33:00 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/12/06 18:33:54 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/10/24 22:15:47 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/09/28 17:33:08 | 000,040,960 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P2k.sys -- (P2k)
DRV - [2006/09/22 14:06:10 | 000,092,160 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/08/02 10:45:32 | 000,114,560 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2006/07/28 08:18:40 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser2k.sys -- (usbser2k)
DRV - [2006/06/17 17:23:11 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/11/16 16:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/11/03 07:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/10 05:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 06:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2005/01/31 03:26:06 | 000,912,768 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/01/31 03:19:20 | 000,007,104 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/01/10 11:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 11:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 21:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/05/02 21:08:22 | 000,030,208 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\Program Files\Symantec Norton AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2003/05/02 21:08:18 | 000,224,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec Norton AntiVirus\Navap.sys -- (NAVAP)
DRV - [2003/01/13 10:19:26 | 000,249,344 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/01/13 10:19:26 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/01/13 10:19:26 | 000,118,422 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/01/13 10:19:26 | 000,022,758 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/01/13 10:19:26 | 000,021,654 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search-results.com?o=41647951&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.selectedEngine: "Search-Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://websearch.search-results.com/redirect?client=ff&src=kw&tb=BBY2-SRS&o=102345&locale=en_US&apn_uid=89BA245F-713C-4DAF-928F-BA69DFEF55E0&apn_ptnrs=Q5&apn_sauid=B209831C-885D-49BD-AC60-6FEEA5EB45C0&apn_dtid=YYYYYYS2US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/10/25 16:53:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 20:34:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 07:06:59 | 000,000,000 | ---D | M]

[2010/08/09 23:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\For Installation\Application Data\Mozilla\Extensions
[2011/04/07 10:27:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\For Installation\Application Data\Mozilla\Firefox\Profiles\do21rdkv.default\extensions
[2010/08/09 23:20:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\For Installation\Application Data\Mozilla\Firefox\Profiles\do21rdkv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/19 10:02:29 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\For Installation\Application Data\Mozilla\Firefox\Profiles\do21rdkv.default\extensions\searchtoolbar@zugo.com
[2010/09/19 10:15:02 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\For Installation\Application Data\Mozilla\Firefox\Profiles\do21rdkv.default\extensions\vshareus@toolbar
[2011/03/13 23:47:00 | 000,003,364 | ---- | M] () -- C:\Documents and Settings\For Installation\Application Data\Mozilla\Firefox\Profiles\do21rdkv.default\searchplugins\search-results.xml
[2011/04/07 10:27:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/26 13:05:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/24 10:57:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/04/20 18:54:00 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\FOR INSTALLATION\APPLICATION DATA\MOVE NETWORKS
[2008/12/22 15:03:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2004/11/12 20:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/09/10 00:39:42 | 000,075,184 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2006/07/16 18:26:13 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/07/12 17:12:25 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

Hosts file not found
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (D-Link Toolbar Loader) - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (D-Link Toolbar) - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (D-Link Toolbar) - {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Norton AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [MtdAcqu] C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Q7NZMT7RLB] File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2006/12/09 21:43:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2006/12/09 21:43:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2006/12/09 21:43:37 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2006/12/09 21:43:37 | 000,000,000 | ---D | M]
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 17:05:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/23 19:30:45 | 000,000,053 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004/08/27 17:52:48 | 000,000,051 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{620bec28-f3aa-11db-9f98-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{620bec28-f3aa-11db-9f98-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{620bec28-f3aa-11db-9f98-00038a000015}\Shell\AutoRun\command - "" = F:\Launcher.exe -- [2004/08/28 20:09:54 | 000,692,224 | R--- | M] (Southlogic Studios)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\For Installation\Local Settings\Application Data\foh.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\For Installation\Local Settings\Application Data\foh.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/04/08 05:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\For Installation\Desktop\gmer
[2011/04/08 05:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/04/08 05:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/04/07 22:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\For Installation\Desktop\infected
[2011/04/07 21:15:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\For Installation\Recent
[2011/04/07 18:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\For Installation\Local Settings\Application Data\Geckofx
[2011/04/07 18:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\For Installation\Start Menu\Programs\AviSynth 2.5
[2011/04/07 18:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011/04/07 18:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AviSynth 2.5
[2011/03/21 15:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\For Installation\Application Data\AskToolbar
[2011/03/20 12:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\For Installation\Start Menu\Programs\Usmleworld QBank
[2011/03/15 19:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\For Installation\Desktop\March 2011 Windows
[2011/03/13 23:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\For Installation\Local Settings\Application Data\AskToolbar
[2011/03/13 23:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2011/03/13 23:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\For Installation\Start Menu\Programs\FoxTab Video Converter
[2011/03/13 23:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabVideoConverter
[2010/03/02 11:39:40 | 000,139,264 | ---- | C] ( ) -- C:\WINDOWS\System32\sipr.dll
[2010/03/02 11:39:40 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\rv20.dll
[2010/03/02 11:39:40 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\rv30.dll
[2010/03/02 11:39:40 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\rv40.dll
[2010/03/02 11:39:39 | 000,557,056 | ---- | C] ( ) -- C:\WINDOWS\System32\raac.dll
[2010/03/02 11:39:38 | 000,548,919 | ---- | C] ( ) -- C:\WINDOWS\System32\colorcvt.dll
[2010/03/02 11:39:38 | 000,479,298 | ---- | C] ( ) -- C:\WINDOWS\System32\erv4.dll
[2010/03/02 11:39:38 | 000,286,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2010/03/02 11:39:38 | 000,266,306 | ---- | C] ( ) -- C:\WINDOWS\System32\erv3.dll
[2010/03/02 11:39:38 | 000,180,224 | ---- | C] ( ) -- C:\WINDOWS\System32\drv2.dll
[2010/03/02 11:39:38 | 000,090,112 | ---- | C] ( ) -- C:\WINDOWS\System32\atrc.dll
[2010/03/02 11:39:38 | 000,065,602 | ---- | C] ( ) -- C:\WINDOWS\System32\cook.dll
[2006/09/11 18:18:06 | 021,290,704 | ---- | C] ( ) -- C:\Program Files\AdbeRdr708_en_US.exe
[2002/04/10 18:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\For Installation\My Documents\*.tmp files -> C:\Documents and Settings\For Installation\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/09 06:31:20 | 000,016,784 | -HS- | M] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\h245xhpk4ti6kc81us2
[2011/04/09 06:31:20 | 000,016,784 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\h245xhpk4ti6kc81us2
[2011/04/08 22:43:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/08 22:29:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/08 22:29:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/08 22:28:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/04/08 22:25:32 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/04/08 22:25:32 | 000,000,268 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/08 22:23:53 | 000,016,878 | -HS- | M] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\p01466yq787g02dkm22q
[2011/04/08 22:23:53 | 000,016,878 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\p01466yq787g02dkm22q
[2011/04/08 22:23:50 | 001,667,072 | -HS- | M] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\foh.exe
[2011/04/08 21:53:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/04/08 21:41:00 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/08 19:21:11 | 000,344,064 | -HS- | M] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\cmp.exe
[2011/04/08 18:22:22 | 000,137,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/04/08 18:21:53 | 000,214,520 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/04/08 05:55:35 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/04/08 05:44:41 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\For Installation\Desktop\dds.scr
[2011/04/08 04:32:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1229272821-839522115-1004Core.job
[2011/04/07 22:32:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1229272821-839522115-1004UA.job
[2011/04/07 21:31:20 | 000,194,909 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/07 21:31:04 | 000,000,334 | -HS- | M] () -- C:\WINDOWS\tasks\JYIOD.job
[2011/04/07 21:30:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/04/07 18:19:42 | 000,150,016 | RHS- | M] () -- C:\WINDOWS\System32\NavLogon0.dll
[2011/04/07 18:19:41 | 000,163,840 | ---- | M] () -- C:\WINDOWS\Fkypaa.exe
[2011/04/05 19:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/26 07:34:39 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\For Installation\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/26 07:34:38 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\For Installation\Desktop\Google Chrome.lnk
[2011/03/20 23:09:39 | 000,052,583 | ---- | M] () -- C:\Documents and Settings\For Installation\Desktop\OMS IV Rotation Schedule 2011-12.pdf
[2011/03/20 12:25:04 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\For Installation\Desktop\Usmleworld QBank.lnk
[2011/03/19 18:21:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#deskjet3600#CN3B33F3W96B.job
[2011/03/14 00:02:57 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/14 00:02:56 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/13 23:33:30 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\For Installation\Desktop\FoxTab Video Converter.lnk
[2011/03/13 20:51:59 | 005,920,667 | ---- | M] () -- C:\Documents and Settings\For Installation\Desktop\scan0002.pdf
[2011/03/13 17:37:09 | 000,157,696 | ---- | M] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\For Installation\My Documents\*.tmp files -> C:\Documents and Settings\For Installation\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/08 22:23:53 | 000,016,784 | -HS- | C] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\h245xhpk4ti6kc81us2
[2011/04/08 22:23:53 | 000,016,784 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h245xhpk4ti6kc81us2
[2011/04/08 22:23:50 | 001,667,072 | -HS- | C] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\foh.exe
[2011/04/08 19:21:14 | 000,016,878 | -HS- | C] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\p01466yq787g02dkm22q
[2011/04/08 19:21:14 | 000,016,878 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\p01466yq787g02dkm22q
[2011/04/08 19:21:11 | 000,344,064 | -HS- | C] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\cmp.exe
[2011/04/08 05:55:35 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/04/08 05:44:39 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\For Installation\Desktop\dds.scr
[2011/04/07 18:19:57 | 000,163,840 | ---- | C] () -- C:\WINDOWS\Fkypaa.exe
[2011/04/07 18:19:49 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/04/07 18:19:47 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/07 18:19:43 | 000,000,268 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/07 18:19:42 | 000,150,016 | RHS- | C] () -- C:\WINDOWS\System32\NavLogon0.dll
[2011/04/07 18:19:42 | 000,000,334 | -HS- | C] () -- C:\WINDOWS\tasks\JYIOD.job
[2011/03/20 23:09:37 | 000,052,583 | ---- | C] () -- C:\Documents and Settings\For Installation\Desktop\OMS IV Rotation Schedule 2011-12.pdf
[2011/03/20 12:25:04 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\For Installation\Desktop\Usmleworld QBank.lnk
[2011/03/13 23:33:30 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\For Installation\Desktop\FoxTab Video Converter.lnk
[2011/03/13 20:55:00 | 005,920,667 | ---- | C] () -- C:\Documents and Settings\For Installation\Desktop\scan0002.pdf
[2011/02/25 18:19:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/12/26 13:06:22 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/10 03:17:14 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/06 09:45:37 | 000,077,429 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/03/02 11:39:46 | 003,482,984 | ---- | C] () -- C:\WINDOWS\System32\LDecH2643.dll
[2010/03/02 11:39:46 | 001,889,640 | ---- | C] () -- C:\WINDOWS\System32\LDECAAC.dll
[2010/03/02 11:39:46 | 001,189,224 | ---- | C] () -- C:\WINDOWS\System32\LDecMpg42.dll
[2010/03/02 11:39:45 | 000,464,232 | ---- | C] () -- C:\WINDOWS\System32\LCODC26D2.dll
[2010/03/02 11:39:45 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/03/02 11:39:44 | 001,914,216 | ---- | C] () -- C:\WINDOWS\System32\ltmm16.dll
[2010/03/02 11:39:44 | 000,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/03/02 11:39:44 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/03/02 11:39:44 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/03/02 11:39:44 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/03/02 11:39:43 | 002,332,008 | ---- | C] () -- C:\WINDOWS\System32\LEncMpg23.dll
[2010/03/02 11:39:43 | 000,443,752 | ---- | C] () -- C:\WINDOWS\System32\LMMpgDmxP.dll
[2010/03/02 11:39:43 | 000,251,240 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2010/03/02 11:39:43 | 000,173,416 | ---- | C] () -- C:\WINDOWS\System32\LCodcScr2.dll
[2010/03/02 11:39:43 | 000,161,128 | ---- | C] () -- C:\WINDOWS\System32\LEncAC3.dll
[2010/03/02 11:39:43 | 000,116,072 | ---- | C] () -- C:\WINDOWS\System32\LMAMpgCnv.dll
[2010/03/02 11:39:40 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/03/02 11:39:39 | 003,569,152 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 11:39:39 | 000,695,296 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 11:39:39 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 11:39:39 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2010/03/02 11:39:39 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2010/03/02 11:39:39 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 11:39:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 11:39:39 | 000,119,296 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 11:39:39 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2010/03/02 11:39:39 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 11:39:39 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/03/02 11:39:39 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 11:39:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/03/02 11:39:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 11:39:38 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 11:39:38 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 11:39:38 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 11:39:38 | 000,148,840 | ---- | C] () -- C:\WINDOWS\System32\LDECMPG2KRN2.dll
[2010/03/02 11:39:38 | 000,071,016 | ---- | C] () -- C:\WINDOWS\System32\LEncAC3Krn.dll
[2010/03/02 11:39:38 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 11:39:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2010/03/02 11:39:38 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2010/01/04 21:28:47 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/04 21:28:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/04 21:28:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/04 21:28:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/04 21:28:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/04 18:29:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/02 14:04:11 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/10/25 16:43:46 | 000,147,962 | ---- | C] () -- C:\WINDOWS\hpoins37.dat
[2009/10/25 16:43:45 | 000,000,504 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/03/10 20:32:03 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\For Installation\Application Data\__t.bin
[2009/03/01 18:50:53 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\fusioncache.dat
[2009/01/21 19:46:18 | 000,000,181 | ---- | C] () -- C:\Documents and Settings\For Installation\Application Data\default.rss
[2009/01/20 20:33:41 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/01/12 22:54:40 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\For Installation\Application Data\evf
[2008/11/27 21:14:31 | 000,000,070 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2008/11/26 22:05:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/11/25 17:46:18 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2008/11/25 17:46:18 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/11/21 20:53:10 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2008/11/21 20:53:10 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/11/21 20:52:59 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2008/11/21 18:44:53 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 09:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/29 09:16:11 | 000,008,496 | ---- | C] () -- C:\WINDOWS\lviewpro.ini
[2008/07/29 15:19:12 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/07/26 18:33:54 | 000,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/07/26 18:33:50 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2008/07/25 21:48:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/25 21:48:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/07/25 21:48:00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/07/25 21:48:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/07/25 21:48:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/25 21:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/25 21:48:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/07/25 21:48:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/07/25 21:48:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/24 17:45:17 | 000,071,500 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/05/11 01:03:24 | 000,000,036 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/03/10 21:46:07 | 000,003,347 | ---- | C] () -- C:\WINDOWS\System32\rounders.dat
[2008/03/10 21:45:33 | 000,073,685 | ---- | C] () -- C:\WINDOWS\System32\rounders.dat.dmp
[2008/03/08 19:35:08 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2008/02/17 16:26:37 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/02/16 21:42:05 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2008/02/08 05:30:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/01/18 20:29:25 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/12/22 04:09:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/08 19:39:22 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\For Installation\Application Data\PnkBstrK.sys
[2007/11/08 19:39:02 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/11/03 19:54:02 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/09/11 00:16:19 | 000,000,084 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2007/04/28 12:57:41 | 000,000,050 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/04/03 15:31:58 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/04/03 14:06:28 | 000,214,520 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/04/03 14:06:09 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/03/31 20:25:39 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\sfc.dat
[2007/03/22 20:41:43 | 002,450,128 | ---- | C] () -- C:\Program Files\xfire_installer_25432.exe
[2007/03/16 16:33:54 | 000,000,411 | ---- | C] () -- C:\WINDOWS\gfscore.ini
[2007/03/16 16:33:19 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2007/01/06 01:26:25 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2007/01/06 01:21:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/17 15:36:03 | 000,000,977 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/23 20:23:44 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/08/23 20:20:02 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006/08/23 20:19:12 | 000,215,552 | ---- | C] () -- C:\WINDOWS\System32\Lvkrn12n.dll
[2006/08/12 23:05:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/08/12 23:05:34 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2006/07/24 22:39:28 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/20 15:54:59 | 000,157,696 | ---- | C] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/03 22:34:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\SYSVCDRV.SYS
[2006/06/29 16:42:13 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2006/06/25 17:40:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\For Installation\Application Data\dm.ini
[2006/06/20 00:57:28 | 000,004,675 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/06/18 18:00:39 | 000,010,621 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2006/06/17 17:39:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/17 17:24:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/06/17 17:08:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 17:02:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 09:48:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/17 09:47:18 | 000,334,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/05/03 04:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,444,358 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,072,108 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/02 03:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/06/17 17:20:28 | 000,005,358 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003/06/17 17:13:16 | 000,000,332 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2003/05/21 01:19:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/01/13 14:21:58 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80337C03
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C39E55C5
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:054B9966

< End of report >

OTL Extras logfile created on: 4/9/2011 7:19:16 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\For Installation\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 11.03 Gb Free Space | 14.80% Space Free | Partition Type: NTFS
Drive D: | 493.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 603.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KAREEM-DESKTOP | User Name: For Installation | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = aol_htm] -- C:\Program Files\AOL\Explorer\1.0\AOLExplorer.exe (America Online, Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\For Installation\Local Settings\Application Data\foh.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\1150693159\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1150693159\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\1150693159\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1150693159\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Motorola\Software Update\msu.exe" = C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu -- (Motorola)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\ijji\ENGLISH\u_gbound.exe" = C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- (Sonic Solutions)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\For Installation\Local Settings\Application Data\Dyyno Receiver\DPPM.exe" = C:\Documents and Settings\For Installation\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Disabled:Dyyno Plugin Receiver -- ()
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme" = C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Disabled:GunBound
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)
"C:\Documents and Settings\For Installation\My Documents\Downloads\VideoConverterSetup.exe" = C:\Documents and Settings\For Installation\My Documents\Downloads\VideoConverterSetup.exe:*:Enabled:InstallCore™ -- (InstallCore© Technologies )

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0167F157-DAB9-46b0-86C4-7C66DDA85B48}" = HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{0409c45d-df44-4b98-93b0-572697aa054a}" = F4400
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2AD89908-0987-4B9E-8AB4-905899E4D754}_is1" = Next Video Converter 3.3
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{303379C9-8610-4CCF-AF37-C4BF8998C591}" = Roxio Media Manager
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3F32058A-343A-4C16-BD1B-BE35E9A42352}" = RZ DVD Creator
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}" = NVIDIA PhysX v8.07.18
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{68B36FA5-E276-4C03-A56C-EC25717E1668}" = XLSTAT 2007
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty® 2 Patch 1.3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}" = hp deskjet 3600
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{966A491F-8970-44E0-AC4E-9C845D9013EC}" = Microsoft DirectX 9.0 SDK Update (August 2005)
"{96C267DA-0926-4C11-B4E7-4D3EF85130D0}" = Paint.NET v3.22
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3307A17-5239-4BAD-B0FE-E0B27B9A33CD}" = BullsEye Archery Rangefinder
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF32FF9-D408-42AB-AE29-46B9183E4EB7}" = Motorola Software Update
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{d281ba0e-1617-4a62-bb37-b73671035e36}" = DJ_AIO_05_F4400_Software_Min
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"¡En español! Level 2 Take-Home Tutor" = ¡En español! Level 2 Take-Home Tutor
"693218053459EBF14C6505EA1172F17672B50DD1" = Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"AIM MusicLink 4.0.0.0" = AIM MusicLink 4.0.0.0
"AIM MusicLink 4.1.0.0" = AIM MusicLink 4.1.0.0
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Aimersoft DVD Creator_is1" = Aimersoft DVD Creator(Build 2.2.8.1)
"AIMTunes" = AIMTunes
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Explorer" = AOL Explorer
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"BlackBerry_{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"D-Link Toolbar" = D-Link Toolbar
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow" = ffdshow (remove only)
"FL Studio 9" = FL Studio 9
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"FX - Video Converter" = FoxTab Video Converter (remove only)
"GameSpotDownloadManager" = GameSpot Download Manager
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"hp print screen utility" = hp print screen utility
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"InFlac" = InFlac 1.1.1
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Logitech Print Service" = Logitech Print Service
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"MagicDisc 2.5.74" = MagicDisc 2.5.74
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP3Resizer_is1" = MP3Resizer 1.8.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pidgin" = Pidgin
"PokerStars" = PokerStars
"PROSet" = Intel® PRO Network Connections Drivers
"Protected Music Converter_is1" = Protected Music Converter 0.99.29b
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"RollerCoaster Tycoon Setup" = Roll
"Search Toolbar" = Search Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 400" = Portal
"SysInfo" = Creative System Information
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"VideoAvatar_is1" = VideoAvatar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinGlulxe" = Windows Glulxe
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (For Installation)
"ESPN Java Check" = ESPN Java Check
"Google Chrome" = Google Chrome
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
"Move Media Player" = Move Media Player
"Usmleworld QBank" = Usmleworld QBank

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2011 12:27:54 PM | Computer Name = KAREEM-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application CoD2MP_s.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/7/2011 10:32:37 PM | Computer Name = KAREEM-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application fjh.exe, version 0.0.0.0, faulting module icucnv36.dll,
version 3.6.0.0, fault address 0x000013df.

Error - 4/7/2011 10:57:48 PM | Computer Name = KAREEM-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17095, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/7/2011 10:58:04 PM | Computer Name = KAREEM-DESKTOP | Source = Application Hang | ID = 1001
Description = Fault bucket -1992488379.

Error - 4/7/2011 10:58:16 PM | Computer Name = KAREEM-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17095, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/7/2011 10:58:37 PM | Computer Name = KAREEM-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17095, faulting
module unknown, version 0.0.0.0, fault address 0x02fb0ec2.

Error - 4/8/2011 12:22:49 AM | Computer Name = KAREEM-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application ISUSPM.exe, version 6.0.100.54472, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/9/2011 1:05:31 AM | Computer Name = KAREEM-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17095, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/9/2011 1:06:22 AM | Computer Name = KAREEM-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17095, faulting
module unknown, version 0.0.0.0, fault address 0x03450fc6.

Error - 4/9/2011 1:06:32 AM | Computer Name = KAREEM-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17095, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 8/12/2009 3:10:19 AM | Computer Name = KAREEM-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/12/2009 3:10:25 AM | Computer Name = KAREEM-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/12/2009 3:10:31 AM | Computer Name = KAREEM-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/12/2009 3:10:35 AM | Computer Name = KAREEM-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/12/2009 3:10:42 AM | Computer Name = KAREEM-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/18/2009 3:35:07 PM | Computer Name = KAREEM-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 97
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/20/2009 11:25:47 PM | Computer Name = KAREEM-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/11/2009 12:13:01 PM | Computer Name = KAREEM-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/11/2009 12:13:12 PM | Computer Name = KAREEM-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/11/2009 12:13:18 PM | Computer Name = KAREEM-DESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/26/2011 10:23:30 AM | Computer Name = KAREEM-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
following error: %%2

Error - 3/26/2011 10:23:30 AM | Computer Name = KAREEM-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 3/26/2011 10:25:39 AM | Computer Name = KAREEM-DESKTOP | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf9543ee, parameter3
b39b8c00, parameter4 00000000.

Error - 3/30/2011 1:07:32 AM | Computer Name = KAREEM-DESKTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.10 for the Network Card with network
address 00123FC3B7F9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/8/2011 12:28:34 AM | Computer Name = KAREEM-DESKTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}.
The
error: "%2" Happened while starting this command: -E4EE-44D9-8104-8E71556757F6}\LocalServer32
-Embedding

Error - 4/8/2011 12:31:57 AM | Computer Name = KAREEM-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
following error: %%2

Error - 4/8/2011 12:31:57 AM | Computer Name = KAREEM-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 4/8/2011 1:25:32 PM | Computer Name = KAREEM-DESKTOP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 4/9/2011 1:29:49 AM | Computer Name = KAREEM-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/9/2011 1:30:45 AM | Computer Name = KAREEM-DESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp eeCtrl Fips intelppm

< End of report >

Attached File(s)

Attach.txt (18.25K)
Number of downloads: 2
ark.txt (20.1K)
Number of downloads: 3

This post has been edited by ravens615: 09 April 2011 - 09:42 AM

#4 heir

Distinguished Member

Group: Malware Response Team
Posts: 763
Joined: 24-February 08
Gender:Male

Posted 09 April 2011 - 10:44 AM

Please don't edit your post with new information as I don't get notified when edits are made. Just add a reply and I'll get notified that you've posted new information.

Something I should point out, regarding CCleaner,Glary Utilities, TuneUp Utilities and similar products

It's not recommended to use of registry cleaners. These often cause more problems than they fix. One of the colleagues here at BC, miekiemoes has an excellent writeup here
Another excellent article by Bill Castner is located here.

Well as you've run OTL we'll use it to do some fixes. Also MBAM needs to be updated which we'll do in this post.

Step 1.
OTL-fix:

Run OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKCU..\Run: [Q7NZMT7RLB] File not found
O33 - MountPoints2\{620bec28-f3aa-11db-9f98-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{620bec28-f3aa-11db-9f98-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{620bec28-f3aa-11db-9f98-00038a000015}\Shell\AutoRun\command - "" = F:\Launcher.exe -- [2004/08/28 20:09:54 | 000,692,224 | R--- | M] (Southlogic Studios)
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\For Installation\Local Settings\Application Data\foh.exe" -a "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\For Installation\Local Settings\Application Data\foh.exe" -a "%1" %* ()
[2011/04/09 06:31:20 | 000,016,784 | -HS- | M] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\h245xhpk4ti6kc81us2
[2011/04/09 06:31:20 | 000,016,784 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\h245xhpk4ti6kc81us2
[2011/04/08 22:23:53 | 000,016,878 | -HS- | M] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\p01466yq787g02dkm22q
[2011/04/08 22:23:53 | 000,016,878 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\p01466yq787g02dkm22q
[2011/04/08 22:23:50 | 001,667,072 | -HS- | M] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\foh.exe
[2011/04/08 19:21:11 | 000,344,064 | -HS- | M] () -- C:\Documents and Settings\For Installation\Local Settings\Application Data\cmp.exe
[2011/04/07 18:19:41 | 000,163,840 | ---- | M] () -- C:\WINDOWS\Fkypaa.exe
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\StubInstaller.exe" =-
"C:\Program Files\utorrent\utorrent.exe" =-
:Commands
[purity]
[emptytemp]
[emptyflash]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the OTL fixlog

Step 2.
MBAM:

Launch Malwarebytes' Anti-Malware
Update Malwarebytes' Anti-Malware
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step 3.
Things I would like to see in your reply:

The content of the fixlog from OTL in step 1.
The content of the log from MBAM in step 2.
Information on how your computer is running now.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!

Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click

#5 ravens615

Member

Group: Members
Posts: 28
Joined: 07-April 11

Posted 09 April 2011 - 04:39 PM

OTL Log:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Q7NZMT7RLB deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{620bec28-f3aa-11db-9f98-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{620bec28-f3aa-11db-9f98-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{620bec28-f3aa-11db-9f98-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{620bec28-f3aa-11db-9f98-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{620bec28-f3aa-11db-9f98-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{620bec28-f3aa-11db-9f98-00038a000015}\ not found.
File move failed. F:\Launcher.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
C:\Documents and Settings\For Installation\Local Settings\Application Data\foh.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\For Installation\Local Settings\Application Data\h245xhpk4ti6kc81us2 moved successfully.
C:\Documents and Settings\All Users\Application Data\h245xhpk4ti6kc81us2 moved successfully.
C:\Documents and Settings\For Installation\Local Settings\Application Data\p01466yq787g02dkm22q moved successfully.
C:\Documents and Settings\All Users\Application Data\p01466yq787g02dkm22q moved successfully.
File C:\Documents and Settings\For Installation\Local Settings\Application Data\foh.exe not found.
C:\Documents and Settings\For Installation\Local Settings\Application Data\cmp.exe moved successfully.
C:\WINDOWS\Fkypaa.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\utorrent\utorrent.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: For Installation
->Temp folder emptied: 3939573 bytes
->Temporary Internet Files folder emptied: 233549549 bytes
->Java cache emptied: 352567 bytes
->FireFox cache emptied: 56524497 bytes
->Google Chrome cache emptied: 240456685 bytes
->Flash cache emptied: 4818487 bytes

User: Kareem
->Temp folder emptied: 685281 bytes
->Temporary Internet Files folder emptied: 821863 bytes
->Java cache emptied: 14281 bytes
->FireFox cache emptied: 5361730 bytes
->Flash cache emptied: 3799 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 321398 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 69206731 bytes
->Flash cache emptied: 348 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 48791194 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38937 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 67208352 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 1251328 bytes

Total Files Cleaned = 700.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: For Installation
->Flash cache emptied: 0 bytes

User: Kareem
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04092011_135300

Files\Folders moved on Reboot...
File move failed. F:\Launcher.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6320

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/9/2011 2:32:04 PM
mbam-log-2011-04-09 (14-32-04).txt

Scan type: Quick scan
Objects scanned: 187207
Time elapsed: 12 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\K8CE6CA1JO (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Q7NZMT7RLB (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\For Installation\Local Settings\Application Data\nqp.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\For Installation\Local Settings\Application Data\nqp.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\For Installation\Local Settings\Application Data\nqp.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\for installation\my documents\downloads\flvdirect(2).exe (Adware.Loudmo) -> Quarantined and deleted successfully.
c:\documents and settings\for installation\my documents\downloads\flvdirect.exe (Adware.Loudmo) -> Quarantined and deleted successfully.
c:\documents and settings\for installation\my documents\downloads\videoconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\for installation\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\for installation\my documents\downloads\xvid_codac(2).exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\for installation\my documents\downloads\xvid_codac.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\o.dat (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\sysreserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

I had CC Cleaner before when I was advised to get it for a virus issue about a year or two ago...I haven't really touched it since. Firefox did not redirect me when I searched, so everything seems to be fine. The computer is running smoothly now and doesn't seem to have bugs....but is it safe now?

Again, thanks for all your help!

#6 heir

Distinguished Member

Group: Malware Response Team
Posts: 763
Joined: 24-February 08
Gender:Male

Posted 10 April 2011 - 06:08 AM

Let's run one more scan.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!

Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click

#7 ravens615

Member

Group: Members
Posts: 28
Joined: 07-April 11

Posted 10 April 2011 - 02:42 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17095 (vista_gdr.101217-1830)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=604b2ecf1804bd4d9df9e4157c1daa49
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-10 07:38:57
# local_time=2011-04-10 12:38:57 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 64789535 64789535 0 0
# compatibility_mode=8192 67108863 100 0 38871273 38871273 0 0
# scanned=130017
# found=10
# cleaned=10
# scan_time=6021
C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Trend Micro\HijackThis\backups\backup-20100103-014000-400.dll probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\EKmmmUtv.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTcefyqdsnqx.dll.vir a variant of Win32/Kryptik.CXQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTrybodswqog.dll.vir a variant of Win32/Kryptik.BNX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTuhtnwnavmb.dll.vir a variant of Win32/Kryptik.CXQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTofmhdwvuon.sys.vir a variant of Win32/Rootkit.Kryptik.AZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\04092011_135300\C_Documents and Settings\For Installation\Local Settings\Application Data\cmp.exe a variant of Win32/Kryptik.MLA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\04092011_135300\C_Documents and Settings\For Installation\Local Settings\Application Data\foh.exe a variant of Win32/Kryptik.MLA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\04092011_135300\C_WINDOWS\Fkypaa.exe a variant of Win32/Kryptik.MLQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#8 heir

Distinguished Member

Group: Malware Response Team
Posts: 763
Joined: 24-February 08
Gender:Male

Posted 10 April 2011 - 02:52 PM

Mostly already quarantined objects were detected.

Hey there, ravens615 !

OK! Well done, your log is clean again! :thumbsup:

Time for some housekeeping.

Step 1.
Clean up:

First:
We need to do is to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Goto add remove programs and uninstall Eset Online Scanner

[/b]
Double-click OTL.exe to start it.
Click the Clean up button
Click Yes to the reboot.

Now delete any tools/logs that is left over after you ran OTL Clean up.

Second:
Now lets Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer.

Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.

Step 2.
Prevention:

OK, lets carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
Posted Image

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java :

Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 24 .
Click the JDK 6 Update 24 (JDK or JRE) "Download JRE" button to the right.
Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation ( jre-6u24-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u24-windows-i586.exe and select "Run as an Administrator.")

Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

Click Start.
Select Settings and then Control Panel.
Select Automatic Updates.
Click Automatic (recommended)
Choose a day and a time when you know the computer will be on and connected to the Internet.
Click Apply then OK.

Third:
Now lets download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware

SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.

.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

Fourth:
Next lets look at Firewalls. These help to prevent unauthorized access both to and from the Internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall one your system.

Personal Firewalls

Comodo is a free fully functional firewall
Online Armor (Free edition) personal firewall

Fifth:
On to personal Anti Virus programs.

One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed three free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves.

Anti Virus Programs

avast! Free Edition an excellent free AV.
AVG Anti-Virus Free Edition is free for personal use.
Avira AntiVir PersonalEdition, yet another good free AV.

Sixth:
Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

Trillian or,
Miranda-IM

Lastly:
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!

Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click

#9 ravens615

Member

Group: Members
Posts: 28
Joined: 07-April 11

Posted 10 April 2011 - 04:35 PM

Saved me a lot of headache! Thanks for all the help heir!

#10 heir

Distinguished Member

Group: Malware Response Team
Posts: 763
Joined: 24-February 08
Gender:Male

Posted 13 April 2011 - 01:35 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!

Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click