Infected from Finallyfast.com


  • This topic is locked
9 replies to this topic

#1 Blufie

Blufie

  • Members
  • 5 posts

Posted 14 May 2009 - 01:06 AM

Yes... so I saw a commercial on TV for a website that would help improve computer speed and internet connectivity, www.finallyfast.com. What a joke. Anyway, I felt needy so I downloaded the three programs that it needed to run, and imagine that, I installed 2 of them and poof, viruses up the wazoo. Anyway, I found out about Combofix on this website, downloaded it and ran it through its stages. Now, with that done, the computer is working faster, but not to where it once was.

As far as the pop-ups, yes, they happen a lot, most of the time at startup of Mozilla, when I open a new page. Sometimes later on, when just taking care of personal things, such as bills, eBay, or just checking email. So yeah, anyway, the pop-ups go straight to "Adult" sites, and it's quite annoying to deal with.

Please help if you can..... Greatly Appreciated. *bows*


DDS (Ver_09-05-14.01) - NTFSx86
Run by Brian Herlth at 2:00:17.83 on Thu 05/14/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1395 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090513-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\gread32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\Philips Webcam\Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian Herlth\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = 127.0.0.1:4001
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [atwtusb] atwtusb.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CTHelper] CTHELPER.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DriverMagicSchedule] "c:\program files\symplisit\drivermagic\dmschedule.exe" /boot
mExplorerRun: [Clouds] c:\windows\msiexec.exe
mExplorerRun: [Inside] c:\windows\system32\gread32.exe
mExplorerRun: [csrcs] c:\windows\system32\csrcs.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\fortem~1.lnk - c:\program files\lg soft india\fortemanager\bin\Monitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\philips webcam\Monitor.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://www.omnitrader.com/omnitrader/support/ot2005/updater/installer/setup.exe
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brianh~1\applic~1\mozilla\firefox\profiles\qo3yz5hx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\brian herlth\application data\mozilla\firefox\profiles\qo3yz5hx.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-11 64160]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2008-4-27 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2008-4-27 53248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-3 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-3 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-3 138680]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbguard.exe -s defaultinstance --> c:\program files\firebird\firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 953168]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2008-12-4 6852]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-16 24652]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-3 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-3 352920]
R3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [2009-3-17 1294336]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbserver.exe -s defaultinstance --> c:\program files\firebird\firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
R3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2008-11-16 14336]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2009-4-28 17792]
R3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [2008-4-27 9728]
S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2009-1-18 22528]
S2 gameupdater;Game Updater;"c:\program files\common files\game updater\gameupdater.exe" --> c:\program files\common files\game updater\gameupdater.exe [?]
S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2008-2-19 2333568]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2008-11-16 13312]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 ScratchAmp;ScratchAmp Driver (ScratchAmp.sys);c:\windows\system32\drivers\ScratchAmp.sys [2009-2-17 22912]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

=============== Created Last 30 ================

2009-05-14 00:51 <DIR> --d----- C:\ComboFix
2009-05-11 12:08 <DIR> --d----- c:\program files\common files\BioWare
2009-05-08 04:06 <DIR> --d----- C:\cmdcons
2009-05-08 04:04 161,792 a------- c:\windows\SWREG.exe
2009-05-08 04:04 98,816 a------- c:\windows\sed.exe
2009-05-07 03:00 2 a------- C:\-333855750
2009-05-07 02:58 0 a--shr-- C:\khq
2009-05-07 02:58 604,094 a------- c:\windows\system32\gread32.exe
2009-05-07 02:52 244,232 a------- c:\windows\system32\Msflxgrd.ocx
2009-05-07 02:51 303,104 a------- c:\windows\system32\ciplListBar.ocx
2009-05-07 02:51 155,648 a------- c:\windows\system32\ciplImageList.ocx
2009-05-07 02:51 119,808 a------- c:\windows\system32\MSSTDFMT.DLL
2009-05-07 02:47 223,232 a------- c:\windows\system32\sqlite3.dll
2009-05-07 02:47 36,864 a------- c:\windows\system32\ascbalon.dll
2009-05-07 02:47 20,480 a------- c:\windows\system32\SysRestore.dll
2009-05-07 02:47 217,088 a------- c:\windows\system32\ConTest.dll
2009-05-07 02:47 86,016 a------- c:\windows\system32\SQLiteWrapper.dll
2009-05-07 02:46 <DIR> --d----- c:\program files\Ascentive
2009-05-06 19:43 <DIR> --d----- c:\program files\VirtualDJ
2009-05-06 06:57 510,808 a--shr-- c:\windows\msiexec.exe
2009-05-05 18:15 <DIR> --d----- c:\program files\Numark Cue
2009-04-29 18:15 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-28 23:38 17,792 a------- c:\windows\system32\drivers\vcsvad.sys
2009-04-28 23:38 <DIR> --d----- c:\program files\AV Vcs 7.0
2009-04-28 17:19 <DIR> --d----- c:\program files\SymplisIT
2009-04-28 17:00 <DIR> --dsh--- c:\documents and settings\brian herlth\PrivacIE
2009-04-28 16:35 <DIR> --dsh--- c:\documents and settings\brian herlth\IETldCache
2009-04-28 16:32 <DIR> --d----- c:\windows\ie8updates
2009-04-28 16:31 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-28 16:29 <DIR> -cd-h--- c:\windows\ie8
2009-04-28 16:20 <DIR> --d----- c:\windows\SxsCaPendDel
2009-04-21 13:06 <DIR> --d----- c:\program files\SecondLife
2009-04-20 02:36 <DIR> --d----- c:\program files\Ares
2009-04-19 01:04 <DIR> --d----- c:\program files\common files\i4j_jres

==================== Find3M ====================

2009-05-11 12:13 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-05-08 04:12 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-05-04 08:13 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-04 08:13 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-19 23:03 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-03-19 23:03 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-16 23:17 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-10-15 18:06 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-08-04 06:09 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat

============= FINISH: 2:00:51.97 ===============

Edited by Blufie, 14 May 2009 - 02:13 AM.



#2 Blufie

Blufie
  • Topic Starter

  • Members
  • 5 posts

Posted 14 May 2009 - 11:06 PM

Can anyone help? It's really annoying to have all these things popping up. Avast, which is my antivirus software, finds something 90% of the time I scan, but it says it deletes them, and it also says successful... but it is still causing the new windows to open in Firefox. If you need any more info please let me know. I would like to get rid of this thing before it gets worse.

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 15 May 2009 - 10:14 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 Blufie

Blufie
  • Topic Starter

  • Members
  • 5 posts

Posted 15 May 2009 - 12:16 PM

Ok here is the OTListIt2 Report:

OTListIt logfile created on: 5/15/2009 1:05:30 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Brian Herlth\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.51% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 9.22 Gb Free Space | 12.37% Space Free | Partition Type: NTFS
Drive D: | 7.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 16.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 298.09 Gb Total Space | 125.45 Gb Free Space | 42.08% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOUTHWES-175EA7
Current User Name: Brian Herlth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/05 17:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/05/04 08:13:09 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/02/05 17:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/01/08 09:35:36 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/10/16 10:08:08 | 00,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2009/05/08 01:56:14 | 00,604,094 | ---- | M] () -- C:\WINDOWS\system32\gread32.exe
PRC - [2005/05/18 19:00:00 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/05/16 11:58:18 | 00,086,960 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2008/10/15 02:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
PRC - [2007/03/20 18:43:50 | 00,315,392 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
PRC - [2009/01/06 14:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/02/05 17:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/05/04 08:13:09 | 00,516,440 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/04 12:45:36 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2009/02/05 17:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 17:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/03/27 12:44:02 | 01,126,400 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
PRC - [2006/02/28 08:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2007/10/16 10:07:38 | 02,711,552 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2007/10/16 18:32:18 | 00,249,856 | ---- | M] () -- C:\Program Files\Philips Webcam\Monitor.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/28 16:06:25 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/15 13:04:41 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian Herlth\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/01/19 01:32:05 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 17:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 17:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 17:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 17:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/05/14 04:30:51 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service [On_Demand | Stopped])
SRV - [2009/01/08 09:35:36 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService [Auto | Running])
SRV - [2007/10/16 10:08:08 | 00,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance [Auto | Running])
SRV - [2007/10/16 10:07:38 | 02,711,552 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance [On_Demand | Running])
SRV - [2008/10/29 20:06:41 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - File not found -- -- (gameupdater [Auto | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/05/04 08:13:09 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR2 [On_Demand | Stopped])
SRV - [2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/02/18 14:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 23:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 17:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2008/08/14 08:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2006/07/05 03:01:00 | 00,151,552 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2005/12/19 19:00:00 | 00,092,800 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\AEAudio.sys -- (AEAudioService [On_Demand | Running])
DRV - [2006/06/06 10:51:06 | 00,022,528 | ---- | M] (WALTOP International Corp.) -- C:\WINDOWS\system32\DRIVERS\aiptektp.sys -- (aiptektp [System | Stopped])
DRV - [2005/03/09 19:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2009/02/05 17:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 17:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 17:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 17:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 17:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2008/02/19 11:48:42 | 02,333,568 | ---- | M] (Digital Camera) -- C:\WINDOWS\System32\Drivers\Ca2001v.sys -- (Ca2001v [On_Demand | Stopped])
DRV - [2006/12/21 05:05:22 | 01,294,336 | R--- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\CM108.sys -- (CM1083264 [On_Demand | Running])
DRV - [2009/03/04 14:42:16 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\COMMONFX.SYS -- (COMMONFX [On_Demand | Stopped])
DRV - [2009/03/04 14:42:16 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS [On_Demand | Running])
DRV - [2007/04/12 09:10:26 | 00,164,608 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL [On_Demand | Stopped])
DRV - [2009/03/04 14:44:26 | 00,511,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2009/03/04 14:44:38 | 00,528,408 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2009/03/04 14:42:30 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTAUDFX.SYS -- (CTAUDFX [On_Demand | Stopped])
DRV - [2009/03/04 14:42:30 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS [On_Demand | Running])
DRV - [2009/03/04 14:44:54 | 00,347,080 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2007/04/12 09:10:18 | 00,168,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:20 | 00,280,320 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:22 | 00,128,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:22 | 00,323,328 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL [On_Demand | Stopped])
DRV - [2009/03/04 14:42:56 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTERFXFX.SYS -- (CTERFXFX [On_Demand | Stopped])
DRV - [2009/03/04 14:42:56 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS [On_Demand | Stopped])
DRV - [2007/04/12 09:10:24 | 01,317,632 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:26 | 00,066,816 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL [On_Demand | Stopped])
DRV - [2009/03/04 14:45:46 | 00,014,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2009/03/04 14:42:42 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTSBLFX.SYS -- (CTSBLFX [On_Demand | Stopped])
DRV - [2009/03/04 14:42:42 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS [On_Demand | Running])
DRV - [2009/03/04 14:46:00 | 00,157,208 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [1998/07/10 05:31:00 | 00,007,328 | ---- | M] () -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D [Auto | Running])
DRV - [2009/03/04 14:46:26 | 00,092,696 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2008/12/04 07:18:00 | 00,043,520 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys -- (FET5X86V [On_Demand | Running])
DRV - [2008/12/04 07:18:00 | 00,043,520 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Stopped])
DRV - [2001/08/17 08:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/03/04 14:46:38 | 00,798,744 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2009/03/04 14:46:48 | 00,162,840 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Stopped])
DRV - [2009/03/04 14:46:56 | 00,189,464 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\hap17v2k.sys -- (hap17v2k [On_Demand | Running])
DRV - [2006/11/22 11:01:48 | 00,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock [Auto | Running])
DRV - [2008/12/25 02:00:14 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
DRV - [2004/10/27 19:21:30 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2009/05/04 08:13:16 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/03/27 12:42:46 | 00,014,336 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice [On_Demand | Running])
DRV - [2008/03/27 12:42:46 | 00,013,312 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice [On_Demand | Stopped])
DRV - [2003/07/17 04:10:06 | 00,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) -- C:\WINDOWS\system32\ntsim.sys -- (NTSIM [On_Demand | Stopped])
DRV - [2007/08/31 18:58:20 | 00,018,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2009/02/18 14:44:00 | 06,308,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2009/03/04 14:45:34 | 00,127,512 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2003/09/19 04:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2006/02/28 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/05/22 18:22:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2003/01/31 15:41:04 | 00,022,912 | ---- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\System32\Drivers\ScratchAmp.sys -- (ScratchAmp [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/06/07 19:00:00 | 00,393,088 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\Senfilt.sys -- (SenFiltService [On_Demand | Running])
DRV - [2001/06/21 22:39:02 | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Running])
DRV - [2001/06/21 22:39:02 | 00,020,032 | R--- | M] (Rainbow Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS -- (Sntnlusb [On_Demand | Stopped])
DRV - [2008/10/01 14:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 15:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2004/11/14 07:01:02 | 00,006,852 | ---- | M] () -- C:\WINDOWS\system32\Drivers\Vcs.sys -- (Vcs [Auto | Running])
DRV - [2008/12/10 16:56:26 | 00,017,792 | ---- | M] (Avnex) -- C:\WINDOWS\system32\DRIVERS\vcsvad.sys -- (VCSVADHWSer [On_Demand | Stopped])
DRV - [2001/09/19 13:28:50 | 00,009,728 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\viausb1.sys -- (viafilter [On_Demand | Running])
DRV - [2008/04/03 15:42:30 | 00,016,896 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ViBus.sys -- (ViBus [Boot | Running])
DRV - [2007/09/21 17:49:10 | 00,009,216 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32 [Boot | Running])
DRV - [2008/04/03 15:42:34 | 00,053,248 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ViPrt.sys -- (ViPrt [Boot | Running])
DRV - [2003/08/03 23:29:08 | 00,006,912 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfnth.sys -- (vulfnths [On_Demand | Running])
DRV - [2003/08/03 23:29:32 | 00,011,392 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfntr.sys -- (vulfntrs [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1292428093-562591055-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1292428093-562591055-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-1292428093-562591055-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1292428093-562591055-725345543-1004\S-1-5-21-1292428093-562591055-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1292428093-562591055-725345543-1004\S-1-5-21-1292428093-562591055-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: betteryoutube@ginatrapani.org:0.4.3
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: video-dowloader@magic-imv.ro:2.2.280608
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.0
FF - prefs.js..extensions.enabledItems: {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}:1.4
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/15 13:26:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/28 16:22:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 16:06:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 16:06:31 | 00,000,000 | ---D | M]

[2009/03/29 03:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian Herlth\Application Data\mozilla\Extensions
[2008/08/17 05:14:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian Herlth\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/29 03:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian Herlth\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/05/15 02:07:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian Herlth\Application Data\mozilla\Firefox\Profiles\qo3yz5hx.default\extensions
[2008/09/12 18:03:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian Herlth\Application Data\mozilla\Firefox\Profiles\qo3yz5hx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/02/16 00:57:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian Herlth\Application Data\mozilla\Firefox\Profiles\qo3yz5hx.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2008/10/29 06:42:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian Herlth\Application Data\mozilla\Firefox\Profiles\qo3yz5hx.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2008/11/06 14:35:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian Herlth\Application Data\mozilla\Firefox\Profiles\qo3yz5hx.default\extensions\betteryoutube@ginatrapani.org
[2009/03/10 06:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian Herlth\Application Data\mozilla\Firefox\Profiles\qo3yz5hx.default\extensions\moveplayer@movenetworks.com
[2008/10/25 10:27:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Brian Herlth\Application Data\mozilla\Firefox\Profiles\qo3yz5hx.default\extensions\video-dowloader@magic-imv.ro
[2009/05/15 13:04:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/12/15 03:40:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}
[2009/04/28 16:06:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/15 16:09:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/02/12 06:28:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/10/29 14:48:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/15 13:26:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/08 14:46:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 16:06:25 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 16:06:25 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/21 02:45:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/21 02:45:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/21 02:45:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/21 02:45:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/21 02:45:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/21 02:45:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/21 02:45:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [atwtusb] atwtusb.exe ()
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DriverMagicSchedule] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot (SymplisIT Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1292428093-562591055-725345543-1004..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\forteManager.lnk = C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\Philips Webcam\Monitor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1292428093-562591055-725345543-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1292428093-562591055-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1292428093-562591055-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1292428093-562591055-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1292428093-562591055-725345543-1004_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://www.omnitrader.com/omnitrader/suppo...aller/setup.exe (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/21 16:25:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/01 13:36:21 | 00,726,248 | R--- | M] (BioWare) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/15 18:48:02 | 00,000,057 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007/01/16 19:20:28 | 00,092,854 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/01/03 05:29:29 | 00,000,076 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/01/10 04:40:00 | 00,000,000 | ---D | M] - F:\Autodesk 3ds Max Design Suite 2009 DVD Incl Keygen -- [ NTFS ]
O32 - AutoRun File - [2008/12/25 02:12:40 | 00,000,000 | ---D | M] - F:\Autodesk Maya 2008 Unlimited Automated Crack_By_Nobody -- [ NTFS ]
O32 - AutoRun File - [2008/12/25 02:12:11 | 00,122,539 | ---- | M] () - F:\Autodesk Maya 2008 Unlimited Automated Crack_By_Nobody.zip -- [ NTFS ]
O32 - AutoRun File - [2008/12/25 01:36:10 | 00,000,000 | ---D | M] - F:\AUTODESK.MAYA.UNLIMITED.2008.HYBRID.DVD-ISO -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/15 13:05:56 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/05/15 13:05:53 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Brian Herlth\Desktop\ew7kjosq.exe
[2009/05/15 13:04:41 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brian Herlth\Desktop\OTListIt2.exe
[2009/05/15 05:14:09 | 00,000,588 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/05/15 05:14:09 | 00,000,588 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2009/05/15 01:29:53 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Brian Herlth\Desktop\Shortcut to MassEffectLauncher.lnk
[2009/05/15 00:25:42 | 00,046,504 | ---- | C] () -- C:\Documents and Settings\Brian Herlth\My Documents\MassEffectConfigReport2009-05-15.xml
[2009/05/14 04:42:31 | 00,001,938 | ---- | C] () -- C:\Documents and Settings\Brian Herlth\Desktop\Launch DriverMagic Now.lnk
[2009/05/14 04:34:28 | 00,029,772 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-0000000D-00001102-00000008-10011102}.rfx
[2009/05/14 04:34:28 | 00,029,772 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-0000000D-00001102-00000008-10011102}.rfx
[2009/05/14 04:34:28 | 00,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-0000000D-00001102-00000008-10011102}.rfx
[2009/05/14 04:33:59 | 04,931,933 | ---- | C] () -- C:\WINDOWS\{00000005-00000000-0000000D-00001102-00000008-10011102}.BAK
[2009/05/14 04:30:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2009/05/14 04:30:23 | 04,931,933 | ---- | C] () -- C:\WINDOWS\{00000005-00000000-0000000D-00001102-00000008-10011102}.CDF
[2009/05/14 02:32:39 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/14 02:21:54 | 32,422,8296 | ---- | C] (BioWare) -- C:\Documents and Settings\Brian Herlth\Desktop\MassEffect_BDtS_ES_a.exe
[2009/05/14 02:00:06 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\Brian Herlth\Desktop\dds.scr
[2009/05/14 00:59:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian Herlth\Local Settings\temp
[2009/05/14 00:51:28 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/05/11 12:11:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian Herlth\My Documents\BioWare
[2009/05/11 12:08:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2009/05/08 04:06:32 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/08 04:06:24 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/08 04:06:20 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/05/08 04:04:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/08 04:04:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/08 04:04:36 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/08 04:04:36 | 00,118,272 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/08 04:04:36 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/08 04:04:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/08 04:04:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/08 04:04:36 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/08 04:04:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/08 04:04:06 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/08 04:00:30 | 03,019,432 | R--- | C] () -- C:\Documents and Settings\Brian Herlth\Desktop\ComboFix.exe
[2009/05/07 03:00:50 | 00,000,002 | ---- | C] () -- C:\-333855750
[2009/05/07 02:58:32 | 00,000,000 | RHS- | C] () -- C:\khq
[2009/05/07 02:58:30 | 00,604,094 | ---- | C] () -- C:\WINDOWS\System32\gread32.exe
[2009/05/07 02:52:26 | 00,244,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msflxgrd.ocx
[2009/05/07 02:51:46 | 00,303,104 | ---- | C] (CIPL) -- C:\WINDOWS\System32\ciplListBar.ocx
[2009/05/07 02:51:46 | 00,155,648 | ---- | C] (CIPL) -- C:\WINDOWS\System32\ciplImageList.ocx
[2009/05/07 02:51:46 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2009/05/07 02:47:12 | 00,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/05/07 02:47:12 | 00,036,864 | ---- | C] (CIPL) -- C:\WINDOWS\System32\ascbalon.dll
[2009/05/07 02:47:10 | 00,020,480 | ---- | C] (Ascentive LLC) -- C:\WINDOWS\System32\SysRestore.dll
[2009/05/07 02:47:09 | 00,217,088 | ---- | C] (Ascentive) -- C:\WINDOWS\System32\ConTest.dll
[2009/05/07 02:47:09 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/05/07 02:46:51 | 00,000,000 | ---D | C] -- C:\Program Files\Ascentive
[2009/05/06 19:43:50 | 00,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2009/05/06 06:57:01 | 00,510,808 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\msiexec.exe
[2009/05/05 18:41:30 | 76,709,932 | ---- | C] () -- C:\Documents and Settings\Brian Herlth\My Documents\FIRST TRY AT MIX.wav
[2009/05/05 18:15:05 | 00,000,000 | ---D | C] -- C:\Program Files\Numark Cue
[2009/04/29 18:15:12 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/04/28 23:38:55 | 00,017,792 | ---- | C] (Avnex) -- C:\WINDOWS\System32\drivers\vcsvad.sys
[2009/04/28 23:38:28 | 00,000,000 | ---D | C] -- C:\Program Files\AV Vcs 7.0
[2009/04/28 17:19:40 | 00,000,000 | ---D | C] -- C:\Program Files\SymplisIT
[2009/04/28 16:35:04 | 00,000,083 | -HS- | C] () -- C:\Documents and Settings\Brian Herlth\My Documents\desktop.ini
[2009/04/28 16:32:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/04/28 16:31:46 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/04/28 16:29:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/28 16:20:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/04/24 02:51:30 | 00,029,209 | -H-- | C] () -- C:\Documents and Settings\Brian Herlth\Desktop\keep on going.wav.jpg
[2009/04/24 02:51:07 | 00,002,847 | -H-- | C] () -- C:\Documents and Settings\Brian Herlth\Desktop\101_-_Justice_-_Genesis.mp3.jpg
[2009/04/21 13:07:26 | 00,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Second Life.lnk
[2009/04/21 13:06:57 | 00,000,000 | ---D | C] -- C:\Program Files\SecondLife
[2009/04/20 02:36:33 | 00,000,000 | ---D | C] -- C:\Program Files\Ares
[2009/04/19 01:04:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
[2009/04/18 02:32:41 | 00,058,896 | -H-- | C] () -- C:\Documents and Settings\Brian Herlth\Desktop\WoW.wav.jpg
[2009/04/18 02:32:35 | 00,035,864 | -H-- | C] () -- C:\Documents and Settings\Brian Herlth\Desktop\System of a Down- Lonely Day.wav.jpg
[2009/04/18 02:32:32 | 00,035,864 | -H-- | C] () -- C:\Documents and Settings\Brian Herlth\Desktop\System of a Down- Lonely Day.mp3.jpg
[2009/04/18 02:30:15 | 00,016,140 | -H-- | C] () -- C:\Documents and Settings\Brian Herlth\Desktop\Bass DROP!.wav.jpg
[2009/04/18 02:30:07 | 00,027,865 | -H-- | C] () -- C:\Documents and Settings\Brian Herlth\Desktop\Nascar.wav.jpg
[2009/04/17 04:42:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Brian Herlth\Desktop\Unused Desktop Shortcuts
[2009/04/16 00:22:49 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 00:22:49 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 00:22:49 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 00:22:49 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 00:22:49 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 00:22:49 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 00:22:49 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 00:22:48 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 00:22:48 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 00:22:31 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 00:22:31 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/03/17 12:33:48 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\CM108rm.dll
[2009/03/04 13:15:26 | 00,049,697 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/03/04 13:15:24 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/03/04 12:47:28 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2009/03/04 12:46:18 | 00,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009/01/18 18:57:18 | 00,005,511 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2008/12/25 02:00:14 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/12/25 01:59:58 | 00,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2008/12/12 15:26:14 | 00,000,224 | ---- | C] () -- C:\WINDOWS\mixstrings.ini
[2008/12/12 15:21:58 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\Chip.dll
[2008/12/04 00:21:32 | 00,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys
[2008/11/06 14:21:49 | 00,000,073 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2008/10/22 20:48:28 | 00,003,018 | ---- | C] () -- C:\WINDOWS\Dext2001.ini
[2008/10/16 19:11:36 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/10/02 19:17:37 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/28 02:35:10 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/09/28 02:35:10 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/09/28 02:35:10 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/09/28 02:35:09 | 03,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/08/02 03:06:07 | 00,001,819 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2008/07/15 21:14:27 | 00,002,798 | ---- | C] () -- C:\WINDOWS\WoWEmuHackSettings.ini
[2008/07/14 02:16:52 | 00,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2008/04/27 03:37:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2008/04/18 01:33:16 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/04/18 01:33:16 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/04/18 01:33:16 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/04/18 01:33:16 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/04/18 01:33:16 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/04/18 01:33:16 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/04/18 01:32:03 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2008/03/21 16:31:04 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008/03/21 16:29:56 | 00,004,160 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/03/21 16:29:55 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/12/05 04:41:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 04:41:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 04:41:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 04:41:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 04:41:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 14:48:10 | 00,014,100 | ---- | C] () -- C:\WINDOWS\twspmm.ini
[2007/08/13 20:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/04/12 09:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2006/10/02 17:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/02/28 08:00:00 | 00,000,937 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/08/21 16:41:00 | 00,217,150 | ---- | C] () -- C:\WINDOWS\System32\dbcapi.dll
[2002/10/21 14:17:54 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\QP.dll
[2002/10/15 09:08:04 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\IQ_API.dll
[2002/10/15 08:21:58 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\DTNHistoryLookup.dll
[2002/05/01 11:11:44 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DTNOptionChainLookup.dll
[2001/09/05 19:05:16 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\symplisc.dll
[2001/08/21 09:31:54 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2001/06/05 10:22:52 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\DTNSymbolLookup.dll
[2001/02/03 03:22:08 | 00,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2001/02/03 01:59:28 | 00,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2000/11/08 15:46:00 | 00,716,849 | ---- | C] () -- C:\WINDOWS\System32\Olapdbmg.dll
[1999/08/16 13:23:00 | 00,121,344 | ---- | C] () -- C:\WINDOWS\System32\usaccess.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/15 13:05:56 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Brian Herlth\Desktop\ew7kjosq.exe
[2009/05/15 13:04:41 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian Herlth\Desktop\OTListIt2.exe
[2009/05/15 13:02:21 | 00,000,937 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/15 13:02:19 | 00,206,054 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/15 13:02:08 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/15 13:02:08 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Brian Herlth\Local Settings\desktop.ini
[2009/05/15 13:02:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/15 13:02:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/15 05:14:09 | 00,030,624 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-0000000D-00001102-00000008-10011102}.rfx
[2009/05/15 05:14:09 | 00,030,624 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-0000000D-00001102-00000008-10011102}.rfx
[2009/05/15 05:14:09 | 00,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-0000000D-00001102-00000008-10011102}.rfx
[2009/05/15 05:14:09 | 00,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-0000000D-00001102-00000008-10011102}.rfx
[2009/05/15 05:14:09 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-0000000D-00001102-00000008-10011102}.rfx
[2009/05/15 05:14:09 | 00,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/05/15 05:14:09 | 00,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/05/15 05:13:39 | 04,931,933 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-0000000D-00001102-00000008-10011102}.CDF
[2009/05/15 05:13:39 | 04,931,933 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-0000000D-00001102-00000008-10011102}.BAK
[2009/05/15 01:29:53 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Brian Herlth\Desktop\Shortcut to MassEffectLauncher.lnk
[2009/05/15 00:25:42 | 00,046,504 | ---- | M] () -- C:\Documents and Settings\Brian Herlth\My Documents\MassEffectConfigReport2009-05-15.xml
[2009/05/14 04:42:31 | 00,001,938 | ---- | M] () -- C:\Documents and Settings\Brian Herlth\Desktop\Launch DriverMagic Now.lnk
[2009/05/14 04:30:16 | 00,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/05/14 04:30:15 | 00,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/05/14 02:46:29 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/05/14 02:28:00 | 32,422,8296 | ---- | M] (BioWare) -- C:\Documents and Settings\Brian Herlth\Desktop\MassEffect_BDtS_ES_a.exe
[2009/05/14 02:00:11 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\Brian Herlth\Desktop\dds.scr
[2009/05/14 00:57:03 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/14 00:51:06 | 03,019,432 | R--- | M] () -- C:\Documents and Settings\Brian Herlth\Desktop\ComboFix.exe
[2009/05/13 23:19:47 | 00,453,863 | ---- | M] () -- C:\VirtualDJ Local Database v5.xml
[2009/05/13 12:36:15 | 00,118,272 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/11 08:13:16 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/11 08:06:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/08 04:15:29 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/08 04:12:51 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/05/08 04:06:32 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/08 01:56:14 | 00,604,094 | ---- | M] () -- C:\WINDOWS\System32\gread32.exe
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/07 03:00:50 | 00,000,002 | ---- | M] () -- C:\-333855750
[2009/05/07 02:58:32 | 00,000,000 | RHS- | M] () -- C:\khq
[2009/05/07 02:55:58 | 00,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/06 22:16:45 | 00,224,256 | -HS- | M] () -- C:\Documents and Settings\Brian Herlth\Desktop\Thumbs.db
[2009/05/05 18:51:08 | 00,000,397 | ---- | M] () -- C:\WINDOWS\System\Cm108.ini
[2009/05/05 18:48:45 | 76,709,932 | ---- | M] () -- C:\Documents and Settings\Brian Herlth\My Documents\FIRST TRY AT MIX.wav
[2009/05/04 08:13:23 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/04 08:13:16 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/28 16:35:04 | 00,000,083 | -HS- | M] () -- C:\Documents and Settings\Brian Herlth\My Documents\desktop.ini
[2009/04/28 16:32:28 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/28 16:25:34 | 00,593,612 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/28 16:25:34 | 00,505,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/28 16:25:34 | 00,096,772 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/25 03:20:47 | 00,034,304 | -HS- | M] () -- C:\Documents and Settings\Brian Herlth\My Documents\Thumbs.db
[2009/04/24 02:51:30 | 00,029,209 | -H-- | M] () -- C:\Documents and Settings\Brian Herlth\Desktop\keep on going.wav.jpg
[2009/04/24 02:51:07 | 00,002,847 | -H-- | M] () -- C:\Documents and Settings\Brian Herlth\Desktop\101_-_Justice_-_Genesis.mp3.jpg
[2009/04/24 02:07:12 | 00,002,670 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/21 19:43:19 | 00,000,049 | ---- | M] () -- C:\plug_in.ini
[2009/04/21 13:07:26 | 00,000,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Second Life.lnk
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/18 02:32:41 | 00,058,896 | -H-- | M] () -- C:\Documents and Settings\Brian Herlth\Desktop\WoW.wav.jpg
[2009/04/18 02:32:35 | 00,035,864 | -H-- | M] () -- C:\Documents and Settings\Brian Herlth\Desktop\System of a Down- Lonely Day.wav.jpg
[2009/04/18 02:32:32 | 00,035,864 | -H-- | M] () -- C:\Documents and Settings\Brian Herlth\Desktop\System of a Down- Lonely Day.mp3.jpg
[2009/04/18 02:30:15 | 00,016,140 | -H-- | M] () -- C:\Documents and Settings\Brian Herlth\Desktop\Bass DROP!.wav.jpg
[2009/04/18 02:30:07 | 00,027,865 | -H-- | M] () -- C:\Documents and Settings\Brian Herlth\Desktop\Nascar.wav.jpg

========== Alternate Data Streams ==========

@Alternate Data Stream - 478 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

OTListIt Extras logfile created on: 5/15/2009 1:05:30 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Brian Herlth\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.51% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 9.22 Gb Free Space | 12.37% Space Free | Partition Type: NTFS
Drive D: | 7.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 16.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 298.09 Gb Total Space | 125.45 Gb Free Space | 42.08% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SOUTHWES-175EA7
Current User Name: Brian Herlth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1292428093-562591055-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"7942:TCP" = 7942:TCP:*:Enabled:UTORRENT
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"16500:TCP" = 16500:TCP:*:Enabled:Shoutcast2
"16501:TCP" = 16501:TCP:*:Enabled:Shoutcast2
"8000:UDP" = 8000:UDP:*:Enabled:Shoutcast
"8000:TCP" = 8000:TCP:*:Enabled:Shoutcast
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"8002:TCP" = 8002:TCP:*:Enabled:Winamp
"8002:UDP" = 8002:UDP:*:Enabled:Winamp2
"3724:TCP" = 3724:TCP:*:Enabled:wow1
"6112:TCP" = 6112:TCP:*:Enabled:wow2
"6881:TCP" = 6881:TCP:*:Enabled:wow3
"14368:TCP" = 14368:TCP:*:Enabled:lime
"14368:UDP" = 14368:UDP:*:Enabled:lime2

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/10/14 20:38:15 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2009/03/10 16:10:51 | 00,139,776 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2007/11/19 17:13:12 | 00,274,432 | ---- | M] () -- C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv
[2008/09/22 01:16:56 | 11,997,184 | ---- | M] () -- C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TmForever
[2009/04/28 06:25:24 | 00,315,392 | ---- | M] (SymplisIT Corporation) -- C:\Program Files\SymplisIT\DriverMagic\DriverMagic.exe:*:Enabled:DriverMagic
[2008/11/16 06:43:14 | 00,098,304 | ---- | M] () -- C:\Program Files\Steam\steamapps\whiteitiger2585\day of defeat source\hl2.exe:*:Enabled:hl2
[2008/04/13 20:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2005/01/27 15:33:06 | 08,151,040 | ---- | M] (Nirvana Systems, Inc.) -- C:\Program Files\Nirvana\OT2005\OT2005.exe:*:Enabled:OT2005
[2009/03/06 16:48:00 | 00,946,176 | ---- | M] () -- C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice
[2009/03/18 18:50:30 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2004/12/27 13:48:28 | 00,167,936 | ---- | M] () -- C:\Program Files\SHOUTcast\sc_serv.exe:*:Enabled:sc_serv
[2009/05/06 19:43:52 | 13,275,441 | ---- | M] (Atomix Productions) -- C:\Program Files\VirtualDJ\virtualdj.exe:*:Enabled:VirtualDJ
[2007/09/20 17:04:18 | 00,671,813 | ---- | M] () -- C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module
[2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/08/06 11:21:06 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2009/03/06 16:54:50 | 21,925,888 | ---- | M] (Linden Lab) -- C:\Program Files\SecondLife\SecondLife.exe:*:Enabled:Second Life
[2008/10/09 11:46:22 | 03,271,112 | ---- | M] () -- C:\Program Files\SLim\SLim.exe:*:Enabled:SLim
[2008/10/27 16:05:34 | 00,946,176 | ---- | M] () -- C:\Program Files\SecondLifeFirstLookSLim\SLVoice.exe:*:Enabled:SLVoice
[2008/08/14 07:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4
[2009/01/23 23:25:42 | 00,540,672 | ---- | M] () -- C:\Program Files\SecondLifeReleaseCandidate\SLVoice.exe:*:Enabled:SLVoice
[2005/01/07 18:01:36 | 00,224,768 | R--- | M] () -- F:\Program Files\Sierra\FEAR\fpupdate.exe:*:Enabled:fpupdate
[2006/08/25 15:46:38 | 05,423,104 | R--- | M] (Monolith Productions, Inc.) -- F:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR
[2006/08/25 15:54:04 | 05,431,296 | R--- | M] (Monolith Productions, Inc.) -- F:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR
[2007/08/03 07:12:08 | 00,274,432 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Maya2008\bin\maya.exe:*:Enabled:Maya
[2008/07/31 16:44:44 | 02,818,048 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo
File not found -- C:\Documents and Settings\Brian Herlth\Desktop\InstallWoW.exe:*:Enabled:InstallWoW
[2009/02/12 01:08:19 | 03,794,528 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
[2009/04/28 16:06:25 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/01/06 14:06:28 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2009/02/12 01:08:18 | 02,172,400 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
[2009/04/15 20:00:27 | 02,232,832 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2009/02/03 09:22:18 | 01,004,544 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
[2008/09/23 14:17:06 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/07/30 11:53:16 | 25,720,040 | ---- | M] (BioWare) -- F:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game
[2008/05/30 17:46:14 | 00,730,344 | ---- | M] (BioWare) -- F:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{20BF75A6-F30D-4D97-82B1-C86829B7EE07}" = OT2005
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{219CB444-F2B6-4A17-8A76-BB7847F3DB26}" = Sony DVD Architect 4.0
"{21BB0483-3D43-46A7-A63F-72C702701438}" = GameShadow
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{366FCBA4-3AB9-4EF1-938E-E7054BEA2E22}" = TubeHunter Ultra
"{39674178-9AEB-4A97-8F5D-FD042FB1EB65}" = Crystal Reports 9
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}" = Microsoft Easy Assist
"{4FCCB6D1-F4A7-4086-B3E3-130EE5A37333}" = Philips Webcam
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5BEB2F46-3723-47CF-BF7F-39C453B9D977}" = DriverMagic
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 4
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD}" = Maya 2008 Documentation (en_US)
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7E35AD35-5FE0-4DB5-80C5-13353CEEDC56}_is1" = XviD MPEG-4 Video Codec rev.1.2.0.
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82A27957-45D5-41BC-8593-60249895727B}" = ActivePerl 5.10.0 Build 1004
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}" = ACID Pro 7.0
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}" = Autodesk DirectConnect 2.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB6F775-E76E-49F7-98D3-1519414B1E4B}" = YouSendIt Express
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D99B2022-8C8B-4F47-8B7F-D6ECC3562B51}" = Media Manager 2.4
"{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
"{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B}" = Maya 2008
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}" = Sony Vegas 7.0
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E8C61FF1-9140-4571-81FB-C619F6E003E3}" = SLim
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.1" = Acoustica Mixcraft 4.1
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"AIM_6" = AIM 6
"AIMTunes" = AIMTunes
"Alarm_is1" = Alarm 2.0.4
"Ares" = Ares 2.1.1
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AudioConSole" = Creative Audio Console
"AudioCS" = Creative Audio Console
"AV Voice Changer Software 7.0" = AV Voice Changer Software 7.0
"AV Voice Changer Software DIAMOND 4.0" = AV Voice Changer Software DIAMOND 4.0
"avast!" = avast! Antivirus
"AVIcodec" = AVIcodec (remove only)
"camcodec" = CamStudio Lossless Codec
"CamStudio" = CamStudio
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50
"FBDBServer_2_0_is1" = Firebird 2.1.0.16780 (Win32)
"FL Studio 7" = FL Studio 7
"Fraps" = Fraps
"Free Music Zilla_is1" = Free Music Zilla
"GameSpy Arcade" = GameSpy Arcade
"gBurner" = gBurner
"Generic USB 108 Sound" = C-Media USB 108 Sound
"getPlus®_ocx" = getPlus®_ocx
"GLIntercept_is1" = GLIntercept 0.5
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"Halo" = Microsoft Halo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{4FCCB6D1-F4A7-4086-B3E3-130EE5A37333}" = Philips Webcam
"InstallShield_{CBB6F775-E76E-49F7-98D3-1519414B1E4B}" = YouSendIt Express
"LimeWire" = LimeWire 5.1.2
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mmflesetup_is1" = MixMeister Fusion Live 7.3.5
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Pro-53" = Native Instruments Pro-53
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 3 LE" = Native Instruments Traktor 3 LE
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Numark Cue LE (Atomix Productions)" = Numark Cue LE (Atomix Productions)
"NVIDIA Drivers" = NVIDIA Drivers
"Rainbow Sentinel Driver" = Sentinel System Driver
"Reason4_is1" = Reason 4.0
"Rmtablet" = USB Tablet Manager
"SCDNAS" = SHOUTcast DNAS (remove only)
"SecondLife" = SecondLife (remove only)
"SecondLifeFirstLookSLim" = SecondLifeFirstLookSLim (remove only)
"SecondLifeReleaseCandidate" = SecondLifeReleaseCandidate (remove only)
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.0 (remove only)
"SLON 2.0" = SLON 2.0 (2.0.7)
"Steam App 11020" = TrackMania Nations Forever
"Steam App 12900" = Audiosurf
"Steam App 300" = Day of Defeat: Source
"StepMania" = StepMania (remove only)
"SystemRequirementsLab" = System Requirements Lab
"VideoGet_is1" = Nuclear Coffee - VideoGet
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 0.9.6
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"VZAccess Manager" = VZAccess Manager
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.6
"Wings 3D 0.99.52" = Wings 3D 0.99.52
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1292428093-562591055-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 3/24/2009 3:10:32 PM | Computer Name = SOUTHWES-175EA7 | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 5/7/2009 3:04:35 AM | Computer Name = SOUTHWES-175EA7 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 5/7/2009 3:08:04 AM | Computer Name = SOUTHWES-175EA7 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function C0000005.

[ Application Events ]
Error - 5/14/2009 12:50:24 AM | Computer Name = SOUTHWES-175EA7 | Source = Application Error | ID = 1001
Description = Fault bucket 792395574.

Error - 5/14/2009 2:34:27 AM | Computer Name = SOUTHWES-175EA7 | Source = Application Error | ID = 1000
Description = Faulting application masseffect.exe, version 1.0.14184.0, faulting
module unknown, version 0.0.0.0, fault address 0x0615ba90.

Error - 5/14/2009 2:34:33 AM | Computer Name = SOUTHWES-175EA7 | Source = Application Error | ID = 1001
Description = Fault bucket 791092609.

Error - 5/14/2009 2:41:33 AM | Computer Name = SOUTHWES-175EA7 | Source = Application Error | ID = 1000
Description = Faulting application masseffect.exe, version 1.0.14184.0, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 5/14/2009 2:41:36 AM | Computer Name = SOUTHWES-175EA7 | Source = Application Error | ID = 1001
Description = Fault bucket 1237726060.

Error - 5/14/2009 2:56:57 AM | Computer Name = SOUTHWES-175EA7 | Source = Application Error | ID = 1000
Description = Faulting application masseffect.exe, version 1.1.14660.0, faulting
module unknown, version 0.0.0.0, fault address 0x0615f9e0.

Error - 5/14/2009 2:57:01 AM | Computer Name = SOUTHWES-175EA7 | Source = Application Error | ID = 1001
Description = Fault bucket 867127981.

Error - 5/14/2009 3:43:13 AM | Computer Name = SOUTHWES-175EA7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/15/2009 12:11:05 AM | Computer Name = SOUTHWES-175EA7 | Source = Application Error | ID = 1000
Description = Faulting application masseffect.exe, version 1.1.14660.0, faulting
module unknown, version 0.0.0.0, fault address 0x1722ba90.

Error - 5/15/2009 12:11:09 AM | Computer Name = SOUTHWES-175EA7 | Source = Application Error | ID = 1001
Description = Fault bucket 1275763579.

[ System Events ]
Error - 5/11/2009 1:25:05 AM | Computer Name = SOUTHWES-175EA7 | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 5/11/2009 11:50:50 PM | Computer Name = SOUTHWES-175EA7 | Source = Service Control Manager | ID = 7000
Description = The Game Updater service failed to start due to the following error:
%%2

Error - 5/11/2009 11:50:50 PM | Computer Name = SOUTHWES-175EA7 | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 5/13/2009 10:38:08 PM | Computer Name = SOUTHWES-175EA7 | Source = Service Control Manager | ID = 7000
Description = The Game Updater service failed to start due to the following error:
%%2

Error - 5/13/2009 10:38:08 PM | Computer Name = SOUTHWES-175EA7 | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 5/14/2009 4:28:05 AM | Computer Name = SOUTHWES-175EA7 | Source = Service Control Manager | ID = 7000
Description = The Game Updater service failed to start due to the following error:
%%2

Error - 5/14/2009 4:35:40 AM | Computer Name = SOUTHWES-175EA7 | Source = Service Control Manager | ID = 7000
Description = The Game Updater service failed to start due to the following error:
%%2

Error - 5/14/2009 1:48:45 PM | Computer Name = SOUTHWES-175EA7 | Source = Service Control Manager | ID = 7000
Description = The Game Updater service failed to start due to the following error:
%%2

Error - 5/15/2009 12:00:59 AM | Computer Name = SOUTHWES-175EA7 | Source = Service Control Manager | ID = 7000
Description = The Game Updater service failed to start due to the following error:
%%2

Error - 5/15/2009 1:02:30 PM | Computer Name = SOUTHWES-175EA7 | Source = Service Control Manager | ID = 7000
Description = The Game Updater service failed to start due to the following error:
%%2


< End of report >




Also when I tried to run the other program and scan, the computer crashed and restarted. Did it twice, and the second time I disabled the Anti Virus software just in case that caused the crash but it still crashed.

Edited by Blufie, 15 May 2009 - 12:26 PM.


#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 15 May 2009 - 02:38 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - [2009/05/08 01:56:14 | 00,604,094 | ---- | M] () -- C:\WINDOWS\system32\gread32.exe
    O32 - AutoRun File - [2009/01/10 04:40:00 | 00,000,000 | ---D | M] - F:\Autodesk 3ds Max Design Suite 2009 DVD Incl Keygen -- [ NTFS ]
    O32 - AutoRun File - [2008/12/25 02:12:40 | 00,000,000 | ---D | M] - F:\Autodesk Maya 2008 Unlimited Automated Crack_By_Nobody -- [ NTFS ]
    O32 - AutoRun File - [2008/12/25 02:12:11 | 00,122,539 | ---- | M] () - F:\Autodesk Maya 2008 Unlimited Automated Crack_By_Nobody.zip -- [ NTFS ]
    
    :Files
    C:\WINDOWS\system32\gread32.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log
Also post the log from the combofix run that you did earlier so I can see what was removed.
It should be located at C:\Combofix.txt

Edited by Buckeye_Sam, 15 May 2009 - 02:38 PM.


========================================================

#6 Blufie

Blufie
  • Topic Starter


Posted 16 May 2009 - 12:10 AM

This is the log after running the fix for OTlistIT:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Process gread32.exe killed successfully!
File not found.
File not found.
F:\Autodesk Maya 2008 Unlimited Automated Crack_By_Nobody.zip moved successfully.
========== FILES ==========
C:\WINDOWS\system32\gread32.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Brian Herlth\Local Settings\temp\etilqs_yV5NpAD0sCj21ARWd1qY scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Brian Herlth\Local Settings\temp\~DFFF2C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hlktmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_45c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5bc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05162009_005606

Files moved on Reboot...
File C:\Documents and Settings\Brian Herlth\Local Settings\temp\etilqs_yV5NpAD0sCj21ARWd1qY not found!
File C:\Documents and Settings\Brian Herlth\Local Settings\temp\~DFFF2C.tmp not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_45c.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_5bc.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...



The combofix is this:

ComboFix 09-05-13.02 - Brian Herlth 05/14/2009 0:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1434 [GMT -4:00]
Running from: c:\documents and settings\Brian Herlth\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090513-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\csrcs.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-11 16:08 . 2009-05-11 16:08 -------- d-----w c:\program files\Common Files\BioWare
2009-05-07 06:58 . 2009-05-08 05:56 604094 ----a-w c:\windows\system32\gread32.exe
2009-05-07 06:51 . 2008-11-12 21:40 119808 ----a-w c:\windows\system32\MSSTDFMT.DLL
2009-05-07 06:47 . 2008-11-07 21:58 223232 ----a-w c:\windows\system32\sqlite3.dll
2009-05-07 06:47 . 2008-11-12 21:40 36864 ----a-w c:\windows\system32\ascbalon.dll
2009-05-07 06:47 . 2008-11-07 21:58 20480 ----a-w c:\windows\system32\SysRestore.dll
2009-05-07 06:47 . 2009-04-02 19:55 217088 ----a-w c:\windows\system32\ConTest.dll
2009-05-07 06:47 . 2008-11-07 21:58 86016 ----a-w c:\windows\system32\SQLiteWrapper.dll
2009-05-07 06:46 . 2009-05-07 07:05 -------- d-----w c:\program files\Ascentive
2009-05-06 23:43 . 2009-05-06 23:43 -------- d-----w c:\program files\VirtualDJ
2009-05-06 10:57 . 2009-03-13 16:17 510808 --sha-r c:\windows\msiexec.exe
2009-05-05 22:15 . 2009-05-05 22:15 -------- d-----w c:\program files\Numark Cue
2009-04-29 03:38 . 2008-12-10 20:56 17792 ----a-w c:\windows\system32\drivers\vcsvad.sys
2009-04-29 03:38 . 2009-04-29 03:50 -------- d-----w c:\program files\AV Vcs 7.0
2009-04-28 23:21 . 2009-04-28 23:21 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-28 21:19 . 2009-04-28 21:19 -------- d-----w c:\program files\SymplisIT
2009-04-28 21:00 . 2009-04-28 21:00 -------- d-sh--w c:\documents and settings\Brian Herlth\PrivacIE
2009-04-28 20:35 . 2009-04-28 20:35 -------- d-sh--w c:\documents and settings\Brian Herlth\IETldCache
2009-04-28 20:32 . 2009-04-28 20:32 -------- d-----w c:\windows\ie8updates
2009-04-28 20:31 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-28 20:29 . 2009-04-28 20:31 -------- dc-h--w c:\windows\ie8
2009-04-28 20:20 . 2009-04-28 20:34 -------- d-----w c:\windows\SxsCaPendDel
2009-04-21 17:06 . 2009-04-21 17:07 -------- d-----w c:\program files\SecondLife
2009-04-20 06:36 . 2009-04-21 15:48 -------- d-----w c:\documents and settings\Brian Herlth\Local Settings\Application Data\Ares
2009-04-20 06:36 . 2009-04-20 06:36 -------- d-----w c:\program files\Ares
2009-04-19 05:04 . 2009-04-19 05:04 -------- d-----w c:\program files\Common Files\i4j_jres
2009-04-16 04:22 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 04:22 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 04:22 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 04:22 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 04:22 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 04:22 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 04:22 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 04:22 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 04:22 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 04:22 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 04:22 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 16:13 . 2008-04-21 16:34 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-05-08 08:12 . 2006-02-28 12:00 182912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-05-08 05:55 . 2008-03-21 20:31 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-06 10:56 . 2008-12-06 04:10 -------- d-----w c:\program files\VirtualDJ2
2009-05-06 04:01 . 2008-09-11 09:02 -------- d-----w c:\program files\Yahoo!
2009-05-04 12:13 . 2009-03-11 23:38 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-04 12:13 . 2009-03-11 12:13 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-29 03:25 . 2008-12-04 04:21 -------- d-----w c:\program files\AV Vcs 4.0 DIAMOND
2009-04-28 06:56 . 2008-11-08 21:03 -------- d-----w c:\program files\QuickTime
2009-04-16 00:23 . 2009-01-28 08:45 -------- d-----w c:\program files\World of Warcraft
2009-04-08 18:45 . 2008-04-10 03:27 -------- d-----w c:\program files\Java
2009-03-29 07:26 . 2008-04-10 03:27 -------- d-----w c:\program files\LimeWire
2009-03-20 23:08 . 2008-10-16 23:11 -------- d-----w c:\program files\AIMTunes
2009-03-20 03:03 . 2008-04-18 05:32 -------- d-----w c:\program files\Creative
2009-03-20 03:03 . 2008-12-14 16:31 444952 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-20 03:03 . 2008-12-14 16:31 109080 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-20 02:59 . 2008-12-26 07:49 -------- d-----w c:\program files\GameSpy Arcade
2009-03-20 02:59 . 2008-08-04 18:44 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-03-20 02:59 . 2008-07-01 04:35 -------- d-----w c:\program files\ImgBurn
2009-03-20 02:59 . 2008-06-22 14:25 -------- d-----w c:\program files\Nirvana
2009-03-20 02:59 . 2008-11-27 06:17 -------- d-----w c:\program files\SecondLifeReleaseCandidate
2009-03-20 02:59 . 2008-10-03 03:58 -------- d-----w c:\program files\StepMania
2009-03-20 02:59 . 2008-04-23 20:58 -------- d-----w c:\program files\Steam
2009-03-19 07:02 . 2008-06-20 19:13 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-17 16:33 . 2009-03-17 16:32 -------- d-----w c:\program files\C-Media USB 108 Sound
2009-03-09 09:19 . 2008-10-29 18:48 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 08:34 . 2006-02-28 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2006-02-28 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2006-02-28 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2006-02-28 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2006-02-28 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2006-02-28 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2006-02-28 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2006-02-28 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2006-02-28 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2006-02-28 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2006-02-28 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-18 05:51 . 2008-04-17 19:13 18832 ----a-w c:\documents and settings\Brian Herlth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-17 03:17 . 2008-04-25 09:34 453152 ----a-w c:\windows\system32\NVUNINST.EXE
.

((((((((((((((((((((((((((((( SnapShot@2009-05-08_08.16.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-14 02:37 . 2009-05-14 02:37 16384 c:\windows\Temp\Perflib_Perfdata_5c0.dat
+ 2009-05-14 02:38 . 2009-05-14 02:38 16384 c:\windows\Temp\Perflib_Perfdata_430.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-04 516440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"DriverMagicSchedule"="c:\program files\SymplisIT\DriverMagic\dmschedule.exe" [2008-12-14 69632]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2007-04-09 19968]
"atwtusb"="atwtusb.exe" - c:\windows\system32\ATWTUSB.EXE [2007-03-20 315392]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-06-27 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Clouds"="c:\windows\msiexec.exe" [2009-03-13 510808]
"Inside"="c:\windows\system32\gread32.exe" [2009-05-08 604094]
"csrcs"="c:\windows\system32\csrcs.exe" [BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe"=
"c:\\Program Files\\Steam\\steamapps\\whiteitiger2585\\day of defeat source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nirvana\\OT2005\\OT2005.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\SLim\\SLim.exe"=
"c:\\Program Files\\SecondLifeFirstLookSLim\\SLVoice.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe"=
"f:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"f:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"f:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"f:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Documents and Settings\\Brian Herlth\\Desktop\\InstallWoW.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"f:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7942:TCP"= 7942:TCP:UTORRENT
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"16500:TCP"= 16500:TCP:Shoutcast2
"16501:TCP"= 16501:TCP:Shoutcast2
"8000:UDP"= 8000:UDP:Shoutcast
"8000:TCP"= 8000:TCP:Shoutcast
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"8002:TCP"= 8002:TCP:Winamp
"8002:UDP"= 8002:UDP:Winamp2
"3724:TCP"= 3724:TCP:wow1
"6112:TCP"= 6112:TCP:wow2
"6881:TCP"= 6881:TCP:wow3
"14368:TCP"= 14368:TCP:lime
"14368:UDP"= 14368:UDP:lime2

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/11/2009 8:13 AM 64160]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [4/27/2008 3:24 AM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [4/27/2008 3:24 AM 53248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/3/2009 11:28 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/3/2009 11:28 AM 20560]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 953168]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [12/4/2008 12:21 AM 6852]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/16/2008 7:11 PM 24652]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [11/9/2008 4:48 PM 602392]
R3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [3/17/2009 12:33 PM 1294336]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 7:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 7:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 7:21 PM 566296]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [11/16/2008 5:33 PM 14336]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [4/28/2009 11:38 PM 17792]
R3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [4/27/2008 3:31 AM 9728]
S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [1/18/2009 6:57 PM 22528]
S2 gameupdater;Game Updater;"c:\program files\Common Files\Game Updater\gameupdater.exe" --> c:\program files\Common Files\Game Updater\gameupdater.exe [?]
S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2/19/2008 11:48 AM 2333568]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/27/2008 7:21 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 7:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 7:21 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 7:21 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 7:21 PM 566296]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [11/16/2008 5:33 PM 13312]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S3 ScratchAmp;ScratchAmp Driver (ScratchAmp.sys);c:\windows\system32\drivers\ScratchAmp.sys [2/17/2009 2:35 AM 22912]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 12:13]

2009-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = 127.0.0.1:4001
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: {{88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://www.omnitrader.com/omnitrader/support/ot2005/updater/installer/setup.exe
FF - ProfilePath - c:\documents and settings\Brian Herlth\Application Data\Mozilla\Firefox\Profiles\qo3yz5hx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Brian Herlth\Application Data\Mozilla\Firefox\Profiles\qo3yz5hx.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 00:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-562591055-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1292428093-562591055-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DE96E66E-17E3-063B-292E-0C4EF78E4D78}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaioekpmpgbhgddcpf"=hex:6a,61,62,69,62,69,64,66,6a,70,64,70,67,6e,65,69,69,69,
6c,6a,00,00
"hagpghadlbphdkfm"=hex:6a,61,6e,68,6a,66,62,67,67,64,67,65,6c,6d,6c,6e,6f,68,
6d,6a,00,00
"iamnmfppeifbckcnhf"=hex:63,61,6e,68,64,69,00,7c

[HKEY_USERS\S-1-5-21-1292428093-562591055-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:35,d5,e8,79,27,76,b8,b9,35,90,75,2b,74,72,c2,38,2c,e1,79,e9,7e,61,eb,
78,15,3e,4f,a7,c8,ca,78,7e,b2,9f,0b,f0,90,ce,eb,c9,5f,23,e9,8c,32,f3,19,77,\
"??"=hex:8f,a3,ec,b6,db,8e,fe,48,0f,76,f9,7b,48,95,81,73

[HKEY_USERS\S-1-5-21-1292428093-562591055-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:b2,45,69,33,1e,89,b9,0d,0e,cd,e2,9a,08,44,db,44,a4,ba,f3,58,60,
9a,b1,c5,78,43,48,7a,a2,f1,3f,69,e6,b4,bd,96,4b,d2,c8,42,6d,af,45,b4,d7,ff,\
"rkeysecu"=hex:8b,6d,d9,8d,f7,d4,dc,18,d6,fb,62,db,d6,60,3c,6a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-05-14 0:59
ComboFix-quarantined-files.txt 2009-05-14 04:58
ComboFix2.txt 2009-05-08 08:24

Pre-Run: 10,527,129,600 bytes free
Post-Run: 10,517,630,976 bytes free

291 --- E O F --- 2009-04-29 22:34

#7 Buckeye_Sam

    Malware Expert


Posted 16 May 2009 - 02:14 PM

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 Blufie


Posted 17 May 2009 - 12:06 PM

Ok, ran the online scanner and it said this:



Sunday, May 17, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, May 17, 2009 06:49:11
Records in database: 2187346
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 228790
Threat name 4
Infected objects 8
Suspicious objects 0
Duration of the scan 07:24:24

File name Threat name Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\Brian Herlth\reader_s.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.eiu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\csrcs.exe.vir Infected: Packed.Win32.Klone.bj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ndis.sys.vir Infected: Virus.Win32.Protector.b 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_d645c16d_.sys.zip Infected: Backdoor.Win32.Latron.e 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\reader_s.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.eiu 1
C:\WINDOWS\msiexec.exe Infected: Packed.Win32.Klone.bj 1
C:\_OTListIt\MovedFiles\05162009_005606\WINDOWS\system32\gread32.exe Infected: Packed.Win32.Klone.bj 1
The selected area was scanned.




Oh yah, my computer is acting a lot better now, and I'm seeing a lot of improvements. The popups in Mozilla have seemed to stop. The computer is kinda sluggish still, but I figure I just need to free up some space on my smaller hard drive once these infections are removed.

#9 Buckeye_Sam


Posted 18 May 2009 - 10:47 AM

Make sure that you delete this file.

C:\WINDOWS\msiexec.exe



Flush your System Restore. This will delete any restore points that you have, but it will also make sure that any malware hiding in System Restore will be booted off.

Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer, turn it back on and create a restore point.

Create a restore point:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.


===================


Aside from that, your logs look pretty good to me! :)


Run OTListIt and click on the CleanUp button.
Reboot when prompted to.


===================



We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.


========================================================
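
Added example, not part of the thread and not the helper's own method: a Python triage of the Kaspersky result rows from post #8 that separates detections already parked in the ComboFix quarantine (C:\Qoobox) or the OTListIt moved-files folder from detections on live paths, which is the split that leaves C:\WINDOWS\msiexec.exe as the one file post #9 asks to delete by hand. The row pattern, the folder list and the system32 name list are assumptions made for this example.

```python
import ntpath
import re

# Result rows copied from the Kaspersky report in post #8 of this thread.
REPORT = r"""
C:\Qoobox\Quarantine\C\Documents and Settings\Brian Herlth\reader_s.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.eiu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\csrcs.exe.vir Infected: Packed.Win32.Klone.bj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ndis.sys.vir Infected: Virus.Win32.Protector.b 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_d645c16d_.sys.zip Infected: Backdoor.Win32.Latron.e 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\reader_s.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.eiu 1
C:\WINDOWS\msiexec.exe Infected: Packed.Win32.Klone.bj 1
C:\_OTListIt\MovedFiles\05162009_005606\WINDOWS\system32\gread32.exe Infected: Packed.Win32.Klone.bj 1
"""

# Assumed row shape: <path> Infected: <threat name> <count>
ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Folders where the cleanup tools keep files they already removed
# (assumption: taken from the paths visible in the report itself).
CONTAINED = {
    "c:\\qoobox\\quarantine\\": "ComboFix quarantine",
    "c:\\_otlistit\\movedfiles\\": "OTListIt moved files",
}

# Assumed list: binaries that belong under system32 (or XP's protected copies).
SYSTEM32_ONLY = {"msiexec.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}
SYSTEM32_DIRS = {"c:\\windows\\system32", "c:\\windows\\system32\\dllcache",
                 "c:\\windows\\servicepackfiles\\i386"}


def triage(report):
    """Return one dict per detection row: path, threat, count, status, note."""
    findings = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank or summary line
        low = ntpath.normcase(m["path"])  # Windows paths compare case-insensitively
        status, note = "live", ""
        for prefix, tool in CONTAINED.items():
            if low.startswith(prefix):
                status, note = "contained", tool
                break
        if (status == "live" and ntpath.basename(low) in SYSTEM32_ONLY
                and ntpath.dirname(low) not in SYSTEM32_DIRS):
            note = "system binary name outside system32"
        findings.append({"path": m["path"], "threat": m["threat"],
                         "count": int(m["count"]), "status": status, "note": note})
    return findings


def live_paths(report):
    """Paths that still need manual action after the tools' own cleanup."""
    return [f["path"] for f in triage(report) if f["status"] == "live"]


if __name__ == "__main__":
    for f in triage(REPORT):
        print(f"{f['status']:<9} {f['count']} {f['threat']} {f['path']} {f['note']}")
```

The counts it totals (8 infected objects across 4 threat names) match the scan statistics in the report, which is a quick check that no row was dropped by the parser.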

#10 Buckeye_Sam


Posted 31 May 2009 - 09:46 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.

========================================================



