
Unknown infection, please help me fix my bloody computer!!


17 replies to this topic

#1 wakked_out

wakked_out

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:PA
  • Local time:01:37 PM

Posted 16 April 2009 - 04:37 PM

I am having the hardest time repairing my computer. I realize that it's on the old side (2003 to be exact), but I am definitely infected with something. Over the past week it has started to freeze for twenty seconds or so and then resume. This happens in every application I may be using and reoccurs periodically. My iTunes settings get changed randomly, and uploading to my iPhone is now impossible. The upload process freezes after a few files and then I get an error message saying the syncing could not be completed. Aside from iTunes, I have had codecs for media player be completely erased from my computer (or turned off somehow), and I can not reinstall them. Everything seems to be very random, but it has to be connected somehow, it all started at the same time. I can not restore my laptop for some reason (I get an error message every time), and I can not install or run antivirus software (I've tried four different kinds). I also can not check my hard drive for errors as it gives me an error message as well when it starts up to begin checking. I've run registry software and spy bot and they all say that my computer is fixed and/or fine (LIES, all lies!). I installed HijackThis in an effort to get some advice from anybody with a bit more computing knowledge than myself. Anyone and everyone please reply with any kind of advice, it would be GREATLY appreciated as I am ready to throw my computer out the window (and being unemployed, I can't afford a new one). THANK YOU! Here is my HJT reading:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:12 PM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O8 - Extra context menu item: Copy to Semagic - C:\Documents and Settings\All Users\Desktopcopy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Documents and Settings\All Users\Desktoplink.htm
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216954724848
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216954697168
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 5596 bytes



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:01:37 PM

Posted 01 May 2009 - 10:11 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,258 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:37 AM

Posted 05 May 2009 - 02:48 PM

Reopened by original poster's request.

#4 wakked_out

wakked_out
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:PA
  • Local time:01:37 PM

Posted 05 May 2009 - 03:51 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by test at 15:34:33.82 on Tue 05/05/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.126 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\test\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask.com Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Ask.com Toolbar
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: {00000000-0000-0000-0000-000000000000} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s
mRun: [QT4HPOT] c:\program files\hpq\one-touch\OneTouch.EXE
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [CARPService] carpserv.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
IE: Copy to Semagic - c:\documents and settings\all users\Desktopcopy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Semagic - c:\documents and settings\all users\Desktoplink.htm
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216954724848
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216954697168
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\test\applic~1\mozilla\firefox\profiles\7kauzxtj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCID.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-15 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-15 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-15 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-15 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-15 298264]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2003-5-3 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2003-5-3 244608]
R3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\drivers\TNET1130x.sys [2006-3-9 385536]
S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-7-16 28280]

=============== Created Last 30 ================

2009-04-30 15:49 <DIR> --d----- c:\documents and settings\test\Tracing
2009-04-30 15:45 <DIR> --d----- c:\program files\Microsoft
2009-04-30 15:44 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-30 15:33 <DIR> --d----- c:\program files\common files\Windows Live
2009-04-24 21:16 495,104 a------- c:\windows\D&G.exe
2009-04-24 21:16 639 a------- c:\windows\D&G.c4
2009-04-24 21:16 0 a------- c:\windows\D&G.ini
2009-04-24 21:16 3,112,668 a------- c:\windows\D&G.swf
2009-04-24 21:16 17,462 a------- c:\windows\D&G.bmp
2009-04-24 21:16 9,662 a------- c:\windows\D&G.ico
2009-04-24 21:16 668 a------- c:\windows\D&G.c3
2009-04-24 21:16 668 a------- c:\windows\D&G.c1
2009-04-24 21:16 903,680 a------- c:\windows\D&G.scr
2009-04-24 21:16 <DIR> --d----- c:\windows\D&G Uninstaller
2009-04-17 04:13 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-16 21:24 <DIR> --d----- c:\docume~1\test\applic~1\LimeWire
2009-04-15 10:00 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-15 10:00 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-15 10:00 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-15 10:00 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-15 09:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-14 23:31 <DIR> --d----- c:\program files\AVG
2009-04-14 20:47 <DIR> --d----- c:\program files\Trend Micro
2009-04-14 19:29 <DIR> --d----- C:\578abee3d31167ad58c718bb67563cd2
2009-04-14 19:27 <DIR> --d----- C:\bc95ad12c086fbbb3da59f3856
2009-04-14 18:57 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-14 18:57 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-14 18:04 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-14 18:01 <DIR> --d----- c:\documents and settings\test\.housecall6.6
2009-04-14 16:48 <DIR> --d----- c:\docume~1\test\applic~1\IObit
2009-04-14 16:48 <DIR> --d----- c:\program files\IObit
2009-04-09 16:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-09 16:42 <DIR> --d----- c:\program files\iTunes
2009-04-07 20:35 274,432 a------- c:\windows\system32\TubeFinder.exe
2009-04-07 20:35 364,544 a------- c:\windows\system32\PropertyGrid.ocx
2009-04-07 20:35 208,500 a------- c:\windows\system32\ReyXpBasics.tlb
2009-04-07 20:35 119,568 a------- c:\windows\system32\VB6FR.DLL
2009-04-07 20:35 101,888 a------- c:\windows\system32\VB6STKIT.DLL
2009-04-07 20:35 84,512 a------- c:\windows\system32\PICCLP32.OCX
2009-04-07 20:35 141,312 a------- c:\windows\system32\MSCMCFR.DLL
2009-04-07 20:35 24,576 a------- c:\windows\system32\ControlSubX.ocx
2009-04-07 20:35 9,728 a------- c:\windows\system32\PCCLPFR.DLL
2009-04-07 20:35 32,768 a------- c:\windows\system32\CMDLGFR.DLL
2009-04-07 20:35 <DIR> --d----- c:\program files\Free FLV Converter
2009-04-07 20:29 <DIR> --d----- c:\program files\common files\SWF Studio
2009-04-07 20:28 <DIR> --d----- c:\program files\Riva
2009-04-07 20:23 113 a------- c:\windows\(null)toolkit.ini
2009-04-07 20:10 <DIR> --d----- c:\docume~1\test\applic~1\Trillian
2009-04-07 20:05 <DIR> --d----- C:\ConverterOutput
2009-04-07 20:04 <DIR> --d----- c:\program files\Cucusoft

==================== Find3M ====================

2009-04-09 20:40 84,060 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-02-28 21:36 38,964 a---h--- c:\windows\system32\mlfcache.dat
2009-02-26 00:04 0 a------- c:\program files\temp01
2009-02-18 01:21 3,532 a------- C:\drmHeader.bin
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2004-08-04 03:56 73,728 ac-sh--- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe
2008-07-25 00:06 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072520080726\index.dat

============= FINISH: 15:36:40.43 ===============

Attached File  Attach.zip   2.92KB   1 downloads

#5 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:06:37 PM

Posted 05 May 2009 - 04:36 PM

Hi wakked_out

Let's get a better idea of your system and a possible cause.
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the lines in the codebox below.
    drivers32
    msconfig
    %PROGRAMFILES%\*.
  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Thanks



#6 wakked_out

wakked_out
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:PA
  • Local time:01:37 PM

Posted 05 May 2009 - 05:41 PM

I am unable to run the program OTListIt2. Every time I scan it freezes after about ten seconds. It doesn't resume at all, it just sits there with an hourglass whenever the mouse is placed over the program. I tried several times, even restarting my machine and trying again. Still the same result. Is there maybe a different app that I can run for the same results? Please let me know. Thank you for your time!

Cheers,
Steve

#7 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:06:37 PM

Posted 05 May 2009 - 06:50 PM

Hi wakked_out


Ok, let's try this then:

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

If you have problems running MBAM, restart your system in safe mode and then try running it again.
If you need instructions on rebooting into safe mode:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
You will need to use the 'keyboard arrow keys' to navigate on this menu.
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Then choose your usual account.

But try the normal mode first.

Thanks.



#8 wakked_out

wakked_out
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:PA
  • Local time:01:37 PM

Posted 07 May 2009 - 12:45 PM

I was able to run Malwarebytes in safe mode, but not in regular mode (it froze up after about six hours of scanning). I have to add though, ever since I ran Malwarebytes and removed the six items it found, my computer has been plagued with a new level of slowness. Everything on the computer now runs at a MUCH slower pace. It took me fifteen minutes just to boot up the computer and open this web page. Not sure if it has anything to do with the app or not, but I wanted to mention it. (I also have recently had trouble with my copy/paste function. It seems that the things I copy to my clipboard disappear before I can paste it.)


Malwarebytes' Anti-Malware 1.36
Database version: 2079
Windows 5.1.2600 Service Pack 3

5/6/2009 3:27:10 AM
mbam-log-2009-05-06 (03-27-00).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 130663
Time elapsed: 1 hour(s), 18 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
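The Malwarebytes log in the post above reports six Security Center values as detected, each with "No action taken". As an added example (not part of the thread, and not Malwarebytes' own code), this Python sketch parses that log layout, checks the summary counts against the items actually listed, and returns the detections that were left in place. The function names are hypothetical, and the only action string taken from the page is "No action taken"; any other action text is assumed to mean the item was handled.

```python
import re

# Constructed sample: the log posted in the thread, abridged to three sections.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.36
Database version: 2079

Registry Values Infected: 0
Registry Data Items Infected: 6
Files Infected: 0

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
(No malicious items detected)
"""

# "Registry Data Items Infected: 6" (summary) vs "Registry Data Items Infected:" (section header)
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<path> (<detection>) -> [Bad: (x) Good: (y) -> ]<action>."
ITEM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+?)\.?$"
)
VALUE_SECTIONS = ("Registry Values Infected", "Registry Data Items Infected")


def parse_mbam_log(text):
    """Return (summary counts per section, parsed items per section)."""
    summary, items, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m["section"]
            items.setdefault(current, [])
            continue
        if current is None or line == "(No malicious items detected)":
            continue
        m = ITEM_RE.match(line)
        if m:
            entry = m.groupdict()
            if current in VALUE_SECTIONS:
                # Last path component is the value name, the rest is the key.
                entry["key"], entry["value"] = entry["path"].rsplit("\\", 1)
            items[current].append(entry)
    return summary, items


def unremediated(items):
    """Detections the log says were left untouched."""
    return [e for section in items.values() for e in section
            if e["action"].lower() == "no action taken"]


def count_mismatches(summary, items):
    """Sections whose summary count differs from the number of listed items,
    e.g. because the log was truncated when pasted."""
    return {s: (n, len(items.get(s, []))) for s, n in summary.items()
            if n != len(items.get(s, []))}


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(summary, items))
    for e in unremediated(items):
        print(f'{e["key"]} :: {e["value"]} = {e["bad"]} (expected {e["good"]})')
```
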

#9 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:06:37 PM

Posted 07 May 2009 - 02:42 PM

Hi wakked_out

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.


Did you actually tick these items and let MBAM remove them?

Please go back to the post about running OTListIt2 and try the instructions again.
The developer says that sometimes the scan may seem to be 'not responding', but is actually still working.
Leave the scan running for about 20 mins if necessary.
This program doesn't follow the normal 'windows' rules.

If after this time, it still hasn't produced a report..... try running it in safe mode.
Just in case anything is interfering with it.

Thanks.



#10 wakked_out

wakked_out
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:PA
  • Local time:01:37 PM

Posted 14 May 2009 - 04:23 PM

I did indeed remove the six items that it listed upon the completion of the scan. I have to add that the slowness I talked about appears to only have been temporary.

I will redownload the other app and try it again in safe mode.

Cheers

#11 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:06:37 PM

Posted 14 May 2009 - 04:41 PM

Thanks for the update.



#12 wakked_out

wakked_out
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:PA
  • Local time:01:37 PM

Posted 14 May 2009 - 04:48 PM

I suppose my computer was in a good mood today because it allowed the app to scan it completely....BUT, it didn't give me an "extra.txt", just the OTListIt.txt. So I will post it for now and try to scan again later for both documents. This is what it's produced so far:

OTListIt logfile created on: 5/14/2009 5:31:19 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\test\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 48.21 Mb Available Physical Memory | 10.80% Memory free
1.03 Gb Paging File | 0.60 Gb Available in Paging File | 58.36% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 10.97 Gb Free Space | 29.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPPIE
Current User Name: test
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
PRC - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\HPQ\One-Touch\OneTouch.EXE (Dritek System Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\carpserv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\test\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HPConfig [Auto | Running]) -- C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
SRV - (HPWirelessMgr [Auto | Running]) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NICSer_WPC54G [Auto | Stopped]) -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe ()
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (caboagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
DRV - (CALIAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\caliaud.sys (Conexant Systems Inc.)
DRV - (CALIHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\calihal.sys (Conexant Systems Inc.)
DRV - (CBTNDIS5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\CBTNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (CE3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ce3n5.sys (Xircom, Inc.)
DRV - (DKbFltr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (DP83815 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\DP83815.SYS (National Semiconductor Corp.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPCI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\hpci.sys (Hewlett-Packard)
DRV - (HSFHWALI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys (SMC)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (StreamDispatcher [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\strmdisp.sys (Conexant Systems, Inc.)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (TNET1130x [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tnet1130x.sys (Cisco-Linksys LLC.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "my.yahoo.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/04/15 09:59:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/12 20:26:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/12 20:27:01 | 00,000,000 | ---D | M]

[2009/03/17 17:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Extensions
[2008/07/25 00:34:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/17 17:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/05/14 16:38:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Firefox\Profiles\7kauzxtj.default\extensions
[2009/04/07 19:14:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Firefox\Profiles\7kauzxtj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/05/12 14:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Firefox\Profiles\7kauzxtj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/05/14 16:15:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 18:35:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/17 15:44:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/02 16:59:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 18:35:50 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 18:35:50 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/03 18:41:12 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/03 18:41:12 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/19 17:45:38 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2008/11/03 18:41:13 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 19:51:49 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/03 18:41:13 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/03 18:41:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/11/03 18:41:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (268233 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 9285 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CARPService] carpserv.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s (Hewlett-Packard)
O4 - HKLM..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Copy to Semagic - C:\Documents and Settings\All Users\Desktopcopy.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Semagic - C:\Documents and Settings\All Users\Desktoplink.htm ()
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 47 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1216954724848 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1216954697168 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f95366c0-b3af-11da-8a48-000f201e3505}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
Drivers32: aux - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\WINDOWS\system32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\WINDOWS\system32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\system32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.lameacm - C:\WINDOWS\system32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\system32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\system32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\system32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\system32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\system32\divx.dll (DivX, Inc.)
Drivers32: vidc.hfyu - C:\WINDOWS\system32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: VIDC.IV41 - C:\WINDOWS\system32\IR41_32.AX (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\system32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\system32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\system32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\system32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\system32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\system32\divx.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/05/14 17:24:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\index.php_files
[2009/05/14 17:24:34 | 00,126,730 | ---- | C] () -- C:\Documents and Settings\test\Desktop\index.php.htm
[2009/05/14 17:24:20 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTListIt2.exe
[2009/05/14 16:04:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/05/12 20:38:04 | 00,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.63
[2009/05/12 17:17:50 | 04,548,736 | ---- | C] () -- C:\Documents and Settings\test\Desktop\1f883b5bd7240ddd718e67a8749e428c.mp3
[2009/05/07 15:35:46 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2009/05/06 03:28:50 | 46,824,2432 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/05 20:33:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\Malwarebytes
[2009/05/05 20:33:45 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/05 20:33:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/05 20:33:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/05 20:33:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/05 19:21:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/05/05 19:17:41 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009/05/05 19:00:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\HP
[2009/05/05 18:59:04 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/05/05 18:59:03 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/05/05 18:50:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\temp
[2009/05/05 16:48:20 | 00,001,491 | ---- | C] () -- C:\Documents and Settings\test\Application Data\QuickZip45.ini
[2009/05/05 16:48:07 | 00,000,000 | ---D | C] -- C:\Program Files\QuickZip4
[2009/04/30 15:45:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/04/30 15:44:26 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/04/30 15:33:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/04/24 21:16:06 | 00,495,104 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\D&G.exe
[2009/04/24 21:16:06 | 00,000,639 | ---- | C] () -- C:\WINDOWS\D&G.c4
[2009/04/24 21:16:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\D&G.ini
[2009/04/24 21:16:05 | 03,112,668 | ---- | C] () -- C:\WINDOWS\D&G.swf
[2009/04/24 21:16:05 | 00,017,462 | ---- | C] () -- C:\WINDOWS\D&G.bmp
[2009/04/24 21:16:05 | 00,009,662 | ---- | C] () -- C:\WINDOWS\D&G.ico
[2009/04/24 21:16:05 | 00,000,668 | ---- | C] () -- C:\WINDOWS\D&G.c3
[2009/04/24 21:16:05 | 00,000,668 | ---- | C] () -- C:\WINDOWS\D&G.c1
[2009/04/24 21:16:04 | 00,903,680 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\D&G.scr
[2009/04/24 21:16:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\D&G Uninstaller
[2009/04/17 04:13:48 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/04/16 21:26:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\My Documents\LimeWire
[2009/04/16 21:24:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\LimeWire
[2009/04/16 18:03:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian
[2009/04/15 10:00:25 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/15 10:00:24 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/15 10:00:16 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/15 10:00:13 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/15 10:00:00 | 36,026,761 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/15 10:00:00 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/15 10:00:00 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/15 10:00:00 | 00,053,730 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/15 10:00:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/04/15 09:59:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/04/14 23:31:05 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/14 20:47:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/14 19:29:48 | 00,000,000 | ---D | C] -- C:\578abee3d31167ad58c718bb67563cd2
[2009/04/14 19:27:22 | 00,000,000 | ---D | C] -- C:\bc95ad12c086fbbb3da59f3856
[2009/04/14 18:57:19 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 18:57:18 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 18:04:16 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/04/07 20:23:17 | 00,000,113 | ---- | C] () -- C:\WINDOWS\(null)toolkit.ini
[2008/12/28 11:51:00 | 00,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/28 11:50:50 | 00,145,609 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/12/28 11:49:08 | 00,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/12 12:57:38 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/12/09 14:57:26 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/12/09 14:57:18 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/12/09 14:57:02 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/12/09 14:56:42 | 00,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/12/09 14:56:34 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/12/09 14:56:22 | 00,485,888 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/12/08 09:37:04 | 00,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/08 09:34:42 | 00,791,742 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/08 08:53:40 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/11/26 15:55:22 | 00,683,520 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/11/26 14:49:10 | 00,238,080 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/08/05 18:02:12 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/05 17:59:04 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/08/05 17:59:04 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/29 11:42:22 | 00,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 11:42:14 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 11:42:08 | 00,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 11:42:04 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 11:42:04 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 11:42:02 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 11:42:00 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 11:41:54 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 11:41:52 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/10/13 05:30:20 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/06/28 14:54:10 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/12 12:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/07/22 00:20:20 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/29 12:20:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/03/09 17:53:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ringtonemaker.INI
[2006/03/09 17:49:01 | 00,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2006/03/09 17:48:59 | 00,000,999 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/02/07 20:35:50 | 00,000,459 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/07 15:15:46 | 00,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/12/12 08:42:14 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/06/23 15:57:52 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/06/23 15:46:20 | 00,000,501 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/06/23 08:35:02 | 00,000,278 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/05/03 14:55:20 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/05/03 14:52:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/03 14:41:51 | 00,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/05/03 14:41:10 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/10/06 14:42:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 19:04:25 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 19:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 19:04:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 19:38:40 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[1997/06/13 22:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2009/05/14 17:24:36 | 00,126,730 | ---- | M] () -- C:\Documents and Settings\test\Desktop\index.php.htm
[2009/05/14 17:24:20 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTListIt2.exe
[2009/05/14 16:00:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/14 15:59:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/14 15:59:33 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\test\Local Settings\desktop.ini
[2009/05/14 15:59:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/14 15:59:28 | 46,824,2432 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/12 23:57:42 | 04,548,736 | ---- | M] () -- C:\Documents and Settings\test\Desktop\1f883b5bd7240ddd718e67a8749e428c.mp3
[2009/05/12 19:53:28 | 00,001,491 | ---- | M] () -- C:\Documents and Settings\test\Application Data\QuickZip45.ini
[2009/05/12 19:01:41 | 36,026,761 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/12 19:01:41 | 00,053,730 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/07 15:20:39 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/30 20:25:59 | 00,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/19 17:38:00 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/15 13:02:32 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/15 10:00:25 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/15 10:00:24 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/15 10:00:16 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/15 10:00:13 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/15 10:00:00 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/14 19:38:36 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/14 18:11:15 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

========== LOP Check ==========

[2009/05/05 19:21:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/17 15:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/09 16:43:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/11/12 17:13:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/08/06 14:19:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2006/07/22 00:21:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2008/07/25 00:10:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2006/09/28 21:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/15 09:59:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/05/05 19:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2008/10/28 20:48:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/05 20:33:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 15:33:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/04/13 22:40:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2003/05/03 14:45:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2003/05/03 14:44:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/04/09 15:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2006/07/12 19:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/14 02:56:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/02/07 12:32:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/11/13 20:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2009/04/14 03:01:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2009/05/05 20:33:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\test\Application Data
[2006/07/22 00:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\acccore
[2008/10/12 17:47:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Adobe
[2006/07/10 20:59:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\AdobeUM
[2006/09/09 07:56:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Aim
[2009/02/28 21:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Apple Computer
[2007/01/31 16:43:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\DivX
[2007/02/02 22:27:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\FastStone
[2006/04/12 22:44:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Help
[2009/05/13 00:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\HP
[2003/05/03 12:57:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Identities
[2006/02/09 12:47:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\InterVideo
[2009/04/14 17:50:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\IObit
[2006/05/05 08:58:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Leadertech
[2009/04/30 17:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\LimeWire
[2006/02/07 20:37:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Macromedia
[2007/02/01 23:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Magix
[2009/05/05 20:33:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Malwarebytes
[2009/04/15 09:58:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\test\Application Data\Microsoft
[2008/07/25 00:34:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Mozilla
[2007/12/23 14:09:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\MSN6
[2009/05/12 20:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Real
[2009/03/01 01:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\RobinsonCrusoe
[2003/05/03 14:29:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Sun
[2006/07/12 19:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Symantec
[2006/02/10 01:49:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Template
[2009/04/07 20:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Trillian
[2009/03/01 01:02:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\ViquaSoft
[2007/02/24 16:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Webshots
[2008/11/13 20:18:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\test\Application Data\yahoo!
[2009/04/15 13:02:32 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2003/03/30 22:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2007/06/03 00:49:25 | 00,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
[2009/05/14 15:59:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Custom Scans ==========


< %PROGRAMFILES%\*. >
[2009/05/13 01:01:15 | 00,000,000 | R--D | M] -- C:\Program Files
[2006/07/10 20:54:01 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/09/09 07:56:26 | 00,000,000 | ---D | M] -- C:\Program Files\AIM
[2008/09/16 18:05:44 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2006/10/10 21:06:33 | 00,000,000 | ---D | M] -- C:\Program Files\ArtisanDVDPlayer
[2003/05/03 14:36:52 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/04/14 23:31:05 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/02/28 19:05:55 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/05/12 20:27:01 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2003/05/03 14:07:57 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/04/07 20:04:46 | 00,000,000 | ---D | M] -- C:\Program Files\Cucusoft
[2003/05/03 15:07:31 | 00,000,000 | ---D | M] -- C:\Program Files\directx
[2007/02/12 00:18:16 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/05/12 21:49:31 | 00,000,000 | ---D | M] -- C:\Program Files\DOSBox-0.63
[2006/03/03 19:04:15 | 00,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup
[2007/02/02 22:27:01 | 00,000,000 | ---D | M] -- C:\Program Files\FastStone Image Viewer
[2009/04/16 17:59:39 | 00,000,000 | ---D | M] -- C:\Program Files\FLV Player
[2009/04/07 20:38:20 | 00,000,000 | ---D | M] -- C:\Program Files\Free FLV Converter
[2009/05/13 00:58:16 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/05/13 00:58:16 | 00,000,000 | ---D | M] -- C:\Program Files\HP
[2006/02/01 21:54:57 | 00,000,000 | ---D | M] -- C:\Program Files\HPQ
[2006/07/04 00:17:15 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/02/12 23:29:54 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/08/20 19:44:09 | 00,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2009/04/14 16:48:02 | 00,000,000 | ---D | M] -- C:\Program Files\IObit
[2009/04/09 16:42:49 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/04/09 16:43:29 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/04/02 16:58:28 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/04/29 15:08:16 | 00,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2006/03/09 17:57:02 | 00,000,000 | ---D | M] -- C:\Program Files\Linksys
[2009/05/05 20:33:53 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/08/28 03:06:04 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/04/30 15:45:29 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/05/10 03:05:48 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2003/05/03 12:57:12 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2003/05/03 14:57:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/07/24 23:55:36 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/05/14 16:38:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/04/14 17:53:58 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2003/05/03 12:57:13 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/06/08 14:00:22 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/07/24 23:50:09 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/07/24 23:50:02 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/01/23 21:11:04 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/05/05 16:48:12 | 00,000,000 | ---D | M] -- C:\Program Files\QuickZip4
[2006/02/07 20:32:05 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2009/04/07 20:28:53 | 00,000,000 | ---D | M] -- C:\Program Files\Riva
[2009/04/29 15:08:14 | 00,000,000 | ---D | M] -- C:\Program Files\Semagic
[2003/05/03 14:55:20 | 00,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/04/14 20:47:39 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/05/12 19:00:12 | 00,000,000 | ---D | M] -- C:\Program Files\Trillian
[2006/02/07 13:34:13 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/05/07 15:35:46 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital Corporation
[2009/04/30 15:43:51 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/04/30 15:44:26 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2006/12/27 00:23:57 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/07/24 23:50:03 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/02/07 13:42:25 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2003/05/03 12:57:13 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/01/04 00:38:02 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2003/05/03 12:57:13 | 00,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/03/25 18:40:35 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >

#13 wakked_out

Posted 14 May 2009 - 05:30 PM

I tried running the app again and it still wouldn't give me the extras.txt file. I even tried it without any of the custom scan/fixes....nadda. Sorry, I'm not sure what else to do to get it to run correctly. Thanks again for your time.

Cheers

#14 Starbuck

Posted 14 May 2009 - 06:30 PM

Hi wakked_out

Before we start.... let me put you out of your misery and explain why you can't get the 'extra.txt'.
If you look at the OTL2 header:

OTListIt logfile created on: 5/14/2009 5:31:19 PM - Run 2

The 'extra.txt' is only produced by default on the first run.
To get it to be produced on a second or subsequent run, you have to:
* Under Extra Registry section, select Use SafeList. .... then run the scan.

Let's do some cleaning up and then we search a bit deeper.

Do you know what these files relate to?

[2009/04/24 21:16:06 | 00,495,104 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\D&G.exe
[2009/04/24 21:16:06 | 00,000,639 | ---- | C] () -- C:\WINDOWS\D&G.c4
[2009/04/24 21:16:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\D&G.ini
[2009/04/24 21:16:05 | 03,112,668 | ---- | C] () -- C:\WINDOWS\D&G.swf
[2009/04/24 21:16:05 | 00,017,462 | ---- | C] () -- C:\WINDOWS\D&G.bmp
[2009/04/24 21:16:05 | 00,009,662 | ---- | C] () -- C:\WINDOWS\D&G.ico
[2009/04/24 21:16:05 | 00,000,668 | ---- | C] () -- C:\WINDOWS\D&G.c3
[2009/04/24 21:16:05 | 00,000,668 | ---- | C] () -- C:\WINDOWS\D&G.c1
[2009/04/24 21:16:04 | 00,903,680 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\D&G.scr


Step 1
I see you have Limewire installed.

Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
Additional information on the safety of Peer to Peer programs themselves is here : http://p2p.malwareremoval.com/
Regardless of the program used, the practice of file-sharing is very unsafe for the health of your PC.

Step 2
Double click on OTListIt2.exe to run it.
Copy the lines in the codebox below.
:otli
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - Reg Error: Key error. File not found
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)

:Files
@C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

:commands
[emptytemp]
[purity]
[start explorer]
  • Return to OTListIt2,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

  • Click the red Run Fix button.
  • If your desktop icons disappear for a while.... don't worry.
  • If OTListIt prompts for permission to reboot the computer, allow it to do so.
  • After the reboot, you may need to double click OTListIt2 to launch the program and retrieve the log.
Copy and paste the contents of the OTListIt2 log in your next reply.

Step 3
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

Step 4
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Then:
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    If running Vista, you may not see this screen
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please submit:
OTL2 log (produced after the fix)
GooredLog.txt
Combofix.txt
and please let me know about those files.

Thanks.


#15 wakked_out

Posted 20 May 2009 - 02:38 PM

I actually did figure out how to get the extra.txt document to be produced, so I ran another scan and I figure I will post them now just in case. I will get everything else finished that you posted sometime over the next day.

Also, the files you asked about are related to a screensaver I have on my computer.

Here are the extra.txt documents and the otlistit.txt that came from my most recent scan...just in case they are of any help:

OTListIt logfile created on: 5/15/2009 2:18:46 AM - Run 5
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\test\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 155.09 Mb Available Physical Memory | 34.73% Memory free
1.03 Gb Paging File | 0.78 Gb Available in Paging File | 75.91% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 10.91 Gb Free Space | 29.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPPIE
Current User Name: test
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
PRC - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\HPQ\One-Touch\OneTouch.EXE (Dritek System Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\carpserv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgscanx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\test\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HPConfig [Auto | Running]) -- C:\WINDOWS\system32\HPConfig.exe (Hewlett-Packard)
SRV - (HPWirelessMgr [Auto | Running]) -- C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NICSer_WPC54G [Auto | Stopped]) -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe ()
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (caboagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
DRV - (CALIAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\caliaud.sys (Conexant Systems Inc.)
DRV - (CALIHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\calihal.sys (Conexant Systems Inc.)
DRV - (CBTNDIS5 [On_Demand | Running]) -- C:\WINDOWS\system32\CBTNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (CE3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ce3n5.sys (Xircom, Inc.)
DRV - (DKbFltr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (DP83815 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\DP83815.SYS (National Semiconductor Corp.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPCI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\hpci.sys (Hewlett-Packard)
DRV - (HSFHWALI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWALI.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys (SMC)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (StreamDispatcher [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\strmdisp.sys (Conexant Systems, Inc.)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (TNET1130x [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tnet1130x.sys (Cisco-Linksys LLC.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "my.yahoo.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/04/15 09:59:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/12 20:26:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/12 20:27:01 | 00,000,000 | ---D | M]

[2009/03/17 17:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Extensions
[2008/07/25 00:34:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/17 17:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/05/14 16:38:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Firefox\Profiles\7kauzxtj.default\extensions
[2009/04/07 19:14:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Firefox\Profiles\7kauzxtj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/05/12 14:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\mozilla\Firefox\Profiles\7kauzxtj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/05/14 16:38:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 18:35:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/17 15:44:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/02 16:59:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 18:35:50 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 18:35:50 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/03 18:41:12 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/03 18:41:12 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/19 17:45:38 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2008/11/03 18:41:13 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 19:51:49 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/03 18:41:13 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/03 18:41:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/11/03 18:41:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (268233 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 9285 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CARPService] carpserv.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s (Hewlett-Packard)
O4 - HKLM..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Copy to Semagic - C:\Documents and Settings\All Users\Desktopcopy.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Semagic - C:\Documents and Settings\All Users\Desktoplink.htm ()
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 47 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1216954724848 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1216954697168 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f95366c0-b3af-11da-8a48-000f201e3505}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
Drivers32: aux - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\WINDOWS\system32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\WINDOWS\system32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\system32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.lameacm - C:\WINDOWS\system32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\system32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\system32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\system32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\system32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\system32\divx.dll (DivX, Inc.)
Drivers32: vidc.hfyu - C:\WINDOWS\system32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: VIDC.IV41 - C:\WINDOWS\system32\IR41_32.AX (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\system32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\system32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\system32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\system32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\system32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\system32\divx.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/05/14 19:41:55 | 00,000,000 | ---D | C] -- C:\OLDGAMES
[2009/05/14 18:26:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\Basic_Setup_and_Installation_of_DosBox_files
[2009/05/14 18:26:38 | 00,025,512 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Basic_Setup_and_Installation_of_DosBox.htm
[2009/05/14 18:11:45 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/14 17:24:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\index.php_files
[2009/05/14 17:24:34 | 00,126,730 | ---- | C] () -- C:\Documents and Settings\test\Desktop\index.php.htm
[2009/05/14 17:24:20 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTListIt2.exe
[2009/05/12 20:38:04 | 00,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.63
[2009/05/12 17:17:50 | 04,548,736 | ---- | C] () -- C:\Documents and Settings\test\Desktop\1f883b5bd7240ddd718e67a8749e428c.mp3
[2009/05/07 15:35:46 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2009/05/06 03:28:50 | 46,824,2432 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/05 20:33:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\Malwarebytes
[2009/05/05 20:33:45 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/05 20:33:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/05 20:33:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/05 20:33:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/05 19:21:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/05/05 19:17:41 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009/05/05 19:00:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\HP
[2009/05/05 18:59:04 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/05/05 18:59:03 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/05/05 18:50:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\temp
[2009/05/05 16:48:20 | 00,001,621 | ---- | C] () -- C:\Documents and Settings\test\Application Data\QuickZip45.ini
[2009/05/05 16:48:07 | 00,000,000 | ---D | C] -- C:\Program Files\QuickZip4
[2009/04/30 15:45:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/04/30 15:44:26 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/04/30 15:33:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/04/24 21:16:06 | 00,495,104 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\D&G.exe
[2009/04/24 21:16:06 | 00,000,639 | ---- | C] () -- C:\WINDOWS\D&G.c4
[2009/04/24 21:16:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\D&G.ini
[2009/04/24 21:16:05 | 03,112,668 | ---- | C] () -- C:\WINDOWS\D&G.swf
[2009/04/24 21:16:05 | 00,017,462 | ---- | C] () -- C:\WINDOWS\D&G.bmp
[2009/04/24 21:16:05 | 00,009,662 | ---- | C] () -- C:\WINDOWS\D&G.ico
[2009/04/24 21:16:05 | 00,000,668 | ---- | C] () -- C:\WINDOWS\D&G.c3
[2009/04/24 21:16:05 | 00,000,668 | ---- | C] () -- C:\WINDOWS\D&G.c1
[2009/04/24 21:16:04 | 00,903,680 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\D&G.scr
[2009/04/24 21:16:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\D&G Uninstaller
[2009/04/17 04:13:48 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/04/16 21:26:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\My Documents\LimeWire
[2009/04/16 21:24:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\LimeWire
[2009/04/16 18:03:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian
[2009/04/15 10:00:25 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/15 10:00:24 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/15 10:00:16 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/15 10:00:13 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/15 10:00:00 | 36,091,790 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/15 10:00:00 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/15 10:00:00 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/15 10:00:00 | 00,056,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/15 10:00:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/04/15 09:59:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/04/07 20:23:17 | 00,000,113 | ---- | C] () -- C:\WINDOWS\(null)toolkit.ini
[2008/12/28 11:51:00 | 00,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/28 11:50:50 | 00,145,609 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/12/28 11:49:08 | 00,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/12 12:57:38 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/12/09 14:57:26 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/12/09 14:57:18 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/12/09 14:57:02 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/12/09 14:56:42 | 00,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/12/09 14:56:34 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/12/09 14:56:22 | 00,485,888 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/12/08 09:37:04 | 00,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/08 09:34:42 | 00,791,742 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/08 08:53:40 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/11/26 15:55:22 | 00,683,520 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/11/26 14:49:10 | 00,238,080 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/08/05 18:02:12 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/05 17:59:04 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/08/05 17:59:04 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/29 11:42:22 | 00,245,248 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/03/29 11:42:14 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2008/03/29 11:42:08 | 00,148,992 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/03/29 11:42:04 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/03/29 11:42:04 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008/03/29 11:42:02 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/03/29 11:42:00 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/03/29 11:41:54 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2008/03/29 11:41:52 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/10/13 05:30:20 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/06/28 14:54:10 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/12 12:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/07/22 00:20:20 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/29 12:20:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/03/09 17:53:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ringtonemaker.INI
[2006/03/09 17:49:01 | 00,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2006/03/09 17:48:59 | 00,000,999 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/02/07 20:35:50 | 00,000,459 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/07 15:15:46 | 00,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/12/12 08:42:14 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/06/23 15:57:52 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/06/23 15:46:20 | 00,000,501 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/06/23 08:35:02 | 00,000,278 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/05/03 14:55:20 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/05/03 14:52:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/03 14:41:51 | 00,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/05/03 14:41:10 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/10/06 14:42:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 19:04:25 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 19:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 19:04:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 19:38:40 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[1997/06/13 22:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2009/05/14 19:45:53 | 00,001,621 | ---- | M] () -- C:\Documents and Settings\test\Application Data\QuickZip45.ini
[2009/05/14 19:37:38 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/14 19:35:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/14 19:35:03 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\test\Local Settings\desktop.ini
[2009/05/14 19:35:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/14 19:34:59 | 46,824,2432 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/14 18:35:25 | 36,091,790 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/14 18:35:25 | 00,056,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/14 18:26:47 | 00,025,512 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Basic_Setup_and_Installation_of_DosBox.htm
[2009/05/14 17:24:36 | 00,126,730 | ---- | M] () -- C:\Documents and Settings\test\Desktop\index.php.htm
[2009/05/14 17:24:20 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTListIt2.exe
[2009/05/12 23:57:42 | 04,548,736 | ---- | M] () -- C:\Documents and Settings\test\Desktop\1f883b5bd7240ddd718e67a8749e428c.mp3
[2009/05/07 15:20:39 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/30 20:25:59 | 00,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/19 17:38:00 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/15 13:02:32 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/15 10:00:25 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/15 10:00:24 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/15 10:00:16 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/15 10:00:13 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/15 10:00:00 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

========== LOP Check ==========

[2009/05/05 19:21:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/17 15:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/09 16:43:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/11/12 17:13:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/08/06 14:19:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2006/07/22 00:21:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2008/07/25 00:10:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2006/09/28 21:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/15 09:59:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/05/05 19:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2008/10/28 20:48:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/05 20:33:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 15:33:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/04/13 22:40:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2003/05/03 14:45:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2003/05/03 14:44:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/04/09 15:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2006/07/12 19:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/14 02:56:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/02/07 12:32:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/11/13 20:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2009/04/14 03:01:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2009/05/05 20:33:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\test\Application Data
[2006/07/22 00:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\acccore
[2008/10/12 17:47:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Adobe
[2006/07/10 20:59:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\AdobeUM
[2006/09/09 07:56:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Aim
[2009/02/28 21:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Apple Computer
[2007/01/31 16:43:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\DivX
[2007/02/02 22:27:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\FastStone
[2006/04/12 22:44:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Help
[2009/05/13 00:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\HP
[2003/05/03 12:57:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Identities
[2006/02/09 12:47:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\InterVideo
[2009/04/14 17:50:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\IObit
[2006/05/05 08:58:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Leadertech
[2009/04/30 17:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\LimeWire
[2006/02/07 20:37:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Macromedia
[2007/02/01 23:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Magix
[2009/05/05 20:33:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Malwarebytes
[2009/04/15 09:58:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\test\Application Data\Microsoft
[2008/07/25 00:34:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Mozilla
[2007/12/23 14:09:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\MSN6
[2009/05/12 20:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Real
[2009/03/01 01:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\RobinsonCrusoe
[2003/05/03 14:29:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Sun
[2006/07/12 19:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Symantec
[2006/02/10 01:49:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Template
[2009/04/07 20:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Trillian
[2009/03/01 01:02:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\ViquaSoft
[2007/02/24 16:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Webshots
[2008/11/13 20:18:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\test\Application Data\yahoo!
[2009/04/15 13:02:32 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2003/03/30 22:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2007/06/03 00:49:25 | 00,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
[2009/05/14 19:35:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Custom Scans ==========


< %PROGRAMFILES%\*. >
[2009/05/13 01:01:15 | 00,000,000 | R--D | M] -- C:\Program Files
[2006/07/10 20:54:01 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/09/09 07:56:26 | 00,000,000 | ---D | M] -- C:\Program Files\AIM
[2008/09/16 18:05:44 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2006/10/10 21:06:33 | 00,000,000 | ---D | M] -- C:\Program Files\ArtisanDVDPlayer
[2003/05/03 14:36:52 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/04/14 23:31:05 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/02/28 19:05:55 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/05/12 20:27:01 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2003/05/03 14:07:57 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/04/07 20:04:46 | 00,000,000 | ---D | M] -- C:\Program Files\Cucusoft
[2003/05/03 15:07:31 | 00,000,000 | ---D | M] -- C:\Program Files\directx
[2007/02/12 00:18:16 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/05/15 01:58:44 | 00,000,000 | ---D | M] -- C:\Program Files\DOSBox-0.63
[2006/03/03 19:04:15 | 00,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup
[2007/02/02 22:27:01 | 00,000,000 | ---D | M] -- C:\Program Files\FastStone Image Viewer
[2009/04/16 17:59:39 | 00,000,000 | ---D | M] -- C:\Program Files\FLV Player
[2009/04/07 20:38:20 | 00,000,000 | ---D | M] -- C:\Program Files\Free FLV Converter
[2009/05/13 00:58:16 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/05/13 00:58:16 | 00,000,000 | ---D | M] -- C:\Program Files\HP
[2006/02/01 21:54:57 | 00,000,000 | ---D | M] -- C:\Program Files\HPQ
[2006/07/04 00:17:15 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/02/12 23:29:54 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/08/20 19:44:09 | 00,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2009/04/14 16:48:02 | 00,000,000 | ---D | M] -- C:\Program Files\IObit
[2009/04/09 16:42:49 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/04/09 16:43:29 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/04/02 16:58:28 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/04/29 15:08:16 | 00,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2006/03/09 17:57:02 | 00,000,000 | ---D | M] -- C:\Program Files\Linksys
[2009/05/05 20:33:53 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/08/28 03:06:04 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/04/30 15:45:29 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/05/10 03:05:48 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2003/05/03 12:57:12 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2003/05/03 14:57:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/07/24 23:55:36 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/05/15 02:12:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/04/14 17:53:58 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2003/05/03 12:57:13 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/06/08 14:00:22 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/07/24 23:50:09 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/07/24 23:50:02 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/01/23 21:11:04 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/05/05 16:48:12 | 00,000,000 | ---D | M] -- C:\Program Files\QuickZip4
[2006/02/07 20:32:05 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2009/04/07 20:28:53 | 00,000,000 | ---D | M] -- C:\Program Files\Riva
[2009/04/29 15:08:14 | 00,000,000 | ---D | M] -- C:\Program Files\Semagic
[2003/05/03 14:55:20 | 00,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/04/14 20:47:39 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/05/12 19:00:12 | 00,000,000 | ---D | M] -- C:\Program Files\Trillian
[2006/02/07 13:34:13 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/05/07 15:35:46 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital Corporation
[2009/04/30 15:43:51 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/04/30 15:44:26 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2006/12/27 00:23:57 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/07/24 23:50:03 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/02/07 13:42:25 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2003/05/03 12:57:13 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/01/04 00:38:02 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2003/05/03 12:57:13 | 00,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/03/25 18:40:35 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >




OTListIt Extras logfile created on: 5/15/2009 2:18:46 AM - Run 5
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\test\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 155.09 Mb Available Physical Memory | 34.73% Memory free
1.03 Gb Paging File | 0.78 Gb Available in Paging File | 75.91% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 10.91 Gb Free Space | 29.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPPIE
Current User Name: test
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5500:TCP" = 5500:TCP:*:Enabled:imlive
"5501:TCP" = 5501:TCP:*:Enabled:imlive
"5502:TCP" = 5502:TCP:*:Enabled:imlive
"5503:TCP" = 5503:TCP:*:Enabled:imlive
"5504:TCP" = 5504:TCP:*:Enabled:imlive
"5505:TCP" = 5505:TCP:*:Enabled:imlive
"5506:TCP" = 5506:TCP:*:Enabled:imlive
"5507:TCP" = 5507:TCP:*:Enabled:imlive
"5508:TCP" = 5508:TCP:*:Enabled:imlive
"5509:TCP" = 5509:TCP:*:Enabled:imlive
"5500:UDP" = 5500:UDP:*:Enabled:imlive

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}" = Wireless-G Notebook Adapter
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}" = Notebook Utilities
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}" = Dr Watson for Microsoft Windows OneCare Live v1.0.0971.20
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG 8.5
"AVI Codec Pack" = AVI Codec Pack
"AVI Codec Pack Lite" = AVI Codec Pack Lite
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C" = Conexant 56K ACLink Modem
"Conexant PCI Audio" = Conexant AC-Link Audio
"D&G_is1" = D&G
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Content Uploader" = DivX Content Uploader
"FastStone Image Viewer" = FastStone Image Viewer 2.9
"FLV Player" = FLV Player 2.0 (build 25)
"Free FLV Converter_is1" = Free FLV Converter V 5.9.2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"LimeWire" = LimeWire 4.18.8
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MAGIX ringtone maker" = MAGIX ringtone maker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotomatixPro3_is1" = Photomatix Pro version 3.1.3
"QT4HPOT" = One-Touch Buttons
"Quick Zip_is1" = Quick Zip 4.60.019
"Semagic" = Semagic (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD Media Codec" = XviD Media Codec 1.0.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sim City 2000" = Sim City 2000

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2009 7:53:34 PM | Computer Name = LAPPIE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework ASP .NET' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\test\LOCALS~1\Temp\dd_NET_Framework20_Setup60DA.txt.

Error - 4/14/2009 7:53:34 PM | Computer Name = LAPPIE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '.NET
Framework WinForms' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\test\LOCALS~1\Temp\dd_NET_Framework20_Setup60DA.txt.

Error - 4/17/2009 4:29:42 AM | Computer Name = LAPPIE | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.5.0.273, faulting module
avgcorex.dll, version 8.5.0.285, fault address 0x001cb167.

Error - 4/17/2009 12:09:23 PM | Computer Name = LAPPIE | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.5.0.273, faulting module
avgcorex.dll, version 8.5.0.285, fault address 0x001cb167.

Error - 4/19/2009 2:03:56 AM | Computer Name = LAPPIE | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.5.0.273, faulting module
avgcorex.dll, version 8.5.0.285, fault address 0x001cb167.

Error - 4/19/2009 12:37:23 PM | Computer Name = LAPPIE | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.5.0.273, faulting module
avgcorex.dll, version 8.5.0.285, fault address 0x001cb167.

Error - 4/20/2009 1:25:17 AM | Computer Name = LAPPIE | Source = MsiInstaller | ID = 11905
Description = Product: Ask.com Toolbar -- Error 1905.Module C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 4/29/2009 2:43:06 PM | Computer Name = LAPPIE | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 8.1.1.10, faulting module
quicktime.qts, version 7.60.92.0, fault address 0x00034378.

Error - 4/29/2009 3:31:22 PM | Computer Name = LAPPIE | Source = ESENT | ID = 455
Description = wuaueng.dll (2584) SUS20ClientDataStore: Error -1811 (0xfffff8ed)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 5/12/2009 4:11:33 PM | Computer Name = LAPPIE | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
npswf32.dll, version 10.0.12.36, fault address 0x001a5ad7.

[ System Events ]
Error - 5/15/2009 2:22:23 AM | Computer Name = LAPPIE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/15/2009 2:22:27 AM | Computer Name = LAPPIE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/15/2009 2:22:32 AM | Computer Name = LAPPIE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/15/2009 2:22:37 AM | Computer Name = LAPPIE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/15/2009 2:22:41 AM | Computer Name = LAPPIE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/15/2009 2:22:46 AM | Computer Name = LAPPIE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/15/2009 2:22:51 AM | Computer Name = LAPPIE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/15/2009 2:22:56 AM | Computer Name = LAPPIE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/15/2009 2:23:00 AM | Computer Name = LAPPIE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/15/2009 2:26:28 AM | Computer Name = LAPPIE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >


Thanks again for all your help!

Cheers



