Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojan-spy.gamepass trojan and couple others. PLZ HELP ... Hijackthis log


  • This topic is locked This topic is locked
16 replies to this topic

#1 underemployed

underemployed

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 10 June 2009 - 08:18 PM

Hi Guys,
Firstly spyware doctor found this trojan-spy.gamepass After removing it, it would still com back after a restart. Then i updated my AVG and ran a scan which took more than 16 hrs to run and had a bunch or trojans and a couple of viruses in the virus vault. I cleared the virus vault and then ran the HJT tool and here is the Hijackthis Log


DDS (Ver_09-05-14.01) - NTFSx86
Run by SAN at 21:06:19.67 on Wed 06/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.224 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Trojan removal\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [cdoosoft] c:\windows\system32\olhrwef.exe
uRun: [cdloader] "c:\documents and settings\san\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {4C730913-3961-439b-83D5-F4E445520422} - c:\program files\citi virtual account numbers\CitiVAN.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} -

hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://livecbn.support.googlepages.com/livetv.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft

office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\san\applic~1\mozilla\firefox\profiles\t65nuf2h.del\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-1-27 40840]
R1 atitray;atitray;c:\program files\ati tray tools\atitray.sys [2007-5-22 18088]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-9 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-9 108552]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-1-27 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-1-27 81288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-9 298776]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-27 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-27 1079176]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
S2 vvdsvc;VJVodServices;c:\windows\system32\svchost.exe -k vvdsvc [2005-8-16 14336]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2004-5-14 32896]

=============== Created Last 30 ================

2009-06-10 13:49 106,315 ---shr-- C:\6phx.com
2009-06-09 19:25 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-09 19:11 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-09 19:11 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-09 19:11 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-09 19:11 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-09 19:11 <DIR> --d----- c:\program files\AVG
2009-06-09 19:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-09 19:08 55 ---shr-- C:\autorun.inf
2009-05-28 23:00 96,768 ---shr-- c:\windows\system32\nmdfgds0.dll
2009-05-17 16:50 2,360 a------- C:\autorun.PNF
2009-05-17 07:08 96,768 ---shr-- c:\windows\system32\nmdfgds1.dll
2009-05-17 00:00 106,315 ---shr-- c:\windows\system32\olhrwef.exe
2009-05-15 17:48 118 a------- c:\windows\system32\MRT.INI

==================== Find3M ====================

2009-03-21 10:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2007-11-19 07:19 87,608 a------- c:\docume~1\san\applic~1\inst.exe
2007-11-19 07:19 47,360 a------- c:\docume~1\san\applic~1\pcouffin.sys
2007-10-14 13:24 60,968 a------- c:\documents and settings\san\GoToAssistDownloadHelper.exe

============= FINISH: 21:07:17.96 ===============


Also attached is the attach.txt file as mentioned in the pinned subject

I could really use some help as my laptop has really gone very slow.

Thanks
S

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:58 AM

Posted 11 June 2009 - 10:52 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 underemployed

underemployed
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 11 June 2009 - 02:10 PM

Hey Sam,
I am so glad that you would help me out with this. I shall do as per your earlier reply and get back to you later in the evening.
I did notice like my computer works fine for a while and then slows down to a snails pace. Also i cannot seem to view hidden folders. Whenever i try to change my properties to "view hidden files" it wont do anything

Will send you the details soon

Thanks man
S

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:58 AM

Posted 11 June 2009 - 04:56 PM

Sounds good! Just post back with those logs when you can. I'll be around. :thumbup2:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 underemployed

underemployed
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 11 June 2009 - 08:33 PM

Thanks a ton Sam for helping me out here.

Here is the malawarebytes log file

Malwarebytes' Anti-Malware 1.37
Database version: 2265
Windows 5.1.2600 Service Pack 2

6/11/2009 9:05:40 PM
mbam-log-2009-06-11 (21-05-40).txt

Scan type: Quick Scan
Objects scanned: 95113
Time elapsed: 17 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnLineGames) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnLineGames) -> Delete on reboot.
c:\WINDOWS\system32\nmdfgds1.dll (Spyware.OnLineGames) -> Quarantined and deleted successfully.


and here is the OTL log file

OLT.txt


OTL logfile created on: 6/11/2009 9:18:39 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = E:\Trojan removal
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 408.61 Mb Available Physical Memory | 39.97% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.41% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 4.23 Gb Free Space | 21.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 85.42 Gb Total Space | 4.55 Gb Free Space | 5.32% Space Free | Partition Type: NTFS
Drive F: | 46.93 Mb Total Space | 38.93 Mb Free Space | 82.96% Space Free | Partition Type: FAT
Drive G: | 4.78 Gb Total Space | 0.48 Gb Free Space | 10.13% Space Free | Partition Type: FAT32
Drive H: | 2.00 Gb Total Space | 0.37 Gb Free Space | 18.30% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: YASHAKS
Current User Name: SAN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/12/04 22:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2007/12/04 22:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/11/23 02:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2006/11/23 02:32:58 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/11/23 02:35:50 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.exe
PRC - [2006/03/25 01:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/08 20:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/08/25 12:36:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/06/09 19:11:31 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/06/09 19:11:30 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2006/05/24 20:21:28 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2005/12/15 14:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/06/09 19:11:31 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/06/09 19:11:31 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/12/18 17:54:32 | 00,155,648 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
PRC - [2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/01/27 23:56:19 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2005/08/05 15:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2009/04/28 21:10:24 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/06 05:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/06/11 21:17:55 | 00,501,760 | ---- | M] (OldTimer Tools) -- E:\Trojan removal\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/12/04 22:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/12/05 15:17:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/06/09 19:11:30 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2006/05/24 20:21:28 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/12/15 14:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2007/10/14 13:24:38 | 00,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
SRV - [2007/01/26 22:25:41 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/10 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/08/05 15:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 06:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/05/16 10:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/12/18 17:54:32 | 00,155,648 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service [Auto | Running])
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/05/14 14:02:46 | 00,086,016 | ---- | M] (NetGroup - Politecnico di Torino) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/01/27 23:56:19 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2008/08/08 00:35:42 | 01,622,016 | ---- | M] (??????????) -- C:\WINDOWS\system32\Nagasoft\vjocx.dll -- (vvdsvc [Auto | Stopped])
SRV - [2006/11/23 02:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/04 01:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/08/12 19:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2007/12/05 01:26:40 | 02,782,208 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/05/22 05:04:54 | 00,018,088 | ---- | M] () -- C:\Program Files\ATI Tray Tools\atitray.sys -- (atitray [System | Running])
DRV - [2009/06/09 19:11:47 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/09 19:11:47 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/06/09 19:11:48 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/11/23 02:34:36 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/08/25 09:23:08 | 00,044,544 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2006/05/24 20:07:18 | 00,328,237 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
DRV - [2006/05/24 20:01:34 | 00,030,427 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running])
DRV - [2006/05/24 20:04:04 | 00,851,434 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2006/05/24 20:05:26 | 00,023,271 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
DRV - [2006/05/24 19:58:18 | 00,148,900 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
DRV - [2006/05/24 19:57:00 | 00,045,683 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwhid.sys -- (btwhid [On_Demand | Stopped])
DRV - [2006/05/24 20:01:22 | 00,030,285 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwmodem.sys -- (btwmodem [On_Demand | Running])
DRV - [2006/05/24 20:00:50 | 00,066,488 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/01/10 13:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2004/08/12 19:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/07/14 03:01:16 | 00,013,824 | ---- | M] (SingleClick Systems) -- C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys -- (hnmwrlspkt [Auto | Running])
DRV - [2005/07/22 05:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2005/07/22 05:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2008/08/25 12:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
DRV - [2008/08/25 12:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
DRV - [2008/08/25 12:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
DRV - [2004/09/29 01:02:00 | 00,016,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\ctpdusb2.sys -- (Jukebox [On_Demand | Stopped])
DRV - [2004/03/17 05:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/10 07:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2004/05/14 12:37:10 | 00,032,896 | ---- | M] (NetGroup - Politecnico di Torino) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2006/11/07 09:32:32 | 00,166,400 | ---- | M] (Novatel Wireless Inc) -- C:\WINDOWS\system32\DRIVERS\NWADIenum.sys -- (NWADI [On_Demand | Running])
DRV - [2004/02/13 18:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2006/10/15 11:36:18 | 00,011,136 | ---- | M] (SingleClick Systems) -- C:\WINDOWS\system32\DRIVERS\packet.sys -- (Packet [Auto | Running])
DRV - [2006/12/18 17:45:18 | 00,018,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50 [On_Demand | Stopped])
DRV - [2007/10/06 15:28:06 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2004/05/05 23:48:40 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2005/10/14 17:40:18 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
DRV - [2005/10/14 17:40:18 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
DRV - [2005/10/14 17:40:18 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys -- (rismxdp [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/04 01:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2004/07/28 10:08:58 | 00,136,576 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\pfc027.sys -- (SoC PC-Camera Service [On_Demand | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2006/12/29 21:07:14 | 00,639,224 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/03/25 01:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2006/03/08 20:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/07/22 05:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/07/14 03:02:22 | 00,013,696 | ---- | M] (SingleClick Systems) -- C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys -- (wsppkt [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
IE - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-195945399-2459349701-560027845-1006\S-1-5-21-195945399-2459349701-560027845-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: dictionary@adarsh.tp:2.1.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/06/09 19:11:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 21:10:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 21:10:30 | 00,000,000 | ---D | M]

[2009/03/20 10:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Extensions
[2009/03/20 10:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/07 20:16:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\t65nuf2h.del\extensions
[2009/06/11 21:11:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\uz3szjzd.default\extensions
[2009/03/22 09:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\uz3szjzd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2007/10/25 02:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\uz3szjzd.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2009/03/22 09:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\uz3szjzd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/16 00:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\uz3szjzd.default\extensions\dictionary@adarsh.tp
[2009/04/18 21:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\uz3szjzd.default\extensions\firefox@tvunetworks.com
[2009/06/11 20:50:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 21:10:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/16 09:38:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/09/10 17:33:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/04/28 21:10:24 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 21:10:24 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-195945399-2459349701-560027845-1006..\Run: [cdloader] "C:\Documents and Settings\SAN\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = E3 F8 FF 03 [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} http://download.tvants.com/pub/tvants/tvan.../cab/tvants.cab (TVAnts ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://livecbn.support.googlepages.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 21:05:19 | 00,000,055 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/21 13:40:01 | 00,002,360 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 21:05:19 | 00,000,055 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/10/08 05:13:16 | 00,000,241 | ---- | M] () - F:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2006/10/08 05:13:16 | 00,000,241 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2009/06/11 21:05:20 | 00,000,055 | RHS- | M] () - F:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2005/07/07 20:34:30 | 00,001,871 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/06/11 21:05:20 | 00,000,055 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/06/11 21:05:20 | 00,000,055 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{12e8c364-0e69-11dd-9d5c-0015c5ce09ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{12e8c364-0e69-11dd-9d5c-0015c5ce09ec}\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\{12e8c364-0e69-11dd-9d5c-0015c5ce09ec}\Shell\phone\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\setup.exe -- [2004/08/10 07:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{44495310-a7dd-11dd-9e2c-0015c5ce09ec}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\services.exe
O33 - MountPoints2\{44495310-a7dd-11dd-9e2c-0015c5ce09ec}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\services.exe
O33 - MountPoints2\{448e5cc8-3651-11de-9ee5-0015c5ce09ec}\Shell\AutoRun\command - "" = J:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{69cc485c-4324-11de-9ef7-0015c5ce09ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{69cc485c-4324-11de-9ef7-0015c5ce09ec}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{69cc485c-4324-11de-9ef7-0015c5ce09ec}\Shell\phone\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{69cc485d-4324-11de-9ef7-0015c5ce09ec}\Shell\AutoRun\command - "" = J:\q9.cmd -- File not found
O33 - MountPoints2\{69cc485d-4324-11de-9ef7-0015c5ce09ec}\Shell\open\Command - "" = J:\q9.cmd -- File not found
O33 - MountPoints2\{bc23b87e-4290-11de-9ef6-0015c5ce09ec}\Shell\AutoRun\command - "" = iexplore.exe
O33 - MountPoints2\{bc23b87e-4290-11de-9ef6-0015c5ce09ec}\Shell\open\command - "" = iexplore.exe
O33 - MountPoints2\{ccc797ce-4170-11de-9ef3-0015c5ce09ec}\Shell\AutoRun\command - "" = D:\0bcobed.exe -- File not found
O33 - MountPoints2\{ccc797ce-4170-11de-9ef3-0015c5ce09ec}\Shell\open\Command - "" = D:\0bcobed.exe -- File not found
O33 - MountPoints2\{ee6a7b6f-2b43-11dc-b3ab-0015c5ce09ec}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\D\Shell\phone\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/11 21:17:55 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/11 20:44:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SAN\Application Data\Malwarebytes
[2009/06/11 20:44:51 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/11 20:44:48 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/11 20:44:47 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/11 20:44:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/11 20:44:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/10 13:49:41 | 00,106,315 | RHS- | C] () -- C:\6phx.com
[2009/06/09 19:25:56 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/06/09 19:11:49 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/09 19:11:48 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/09 19:11:48 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/09 19:11:47 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/09 19:11:40 | 37,028,844 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/09 19:11:40 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/09 19:11:40 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/09 19:11:40 | 00,071,058 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/09 19:11:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/06/09 19:11:29 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/06/09 19:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/06/09 19:08:31 | 00,000,055 | RHS- | C] () -- C:\autorun.inf
[2009/06/07 20:47:19 | 00,007,168 | -HS- | C] () -- C:\Documents and Settings\SAN\Desktop\Thumbs.db
[2009/05/21 15:50:41 | 01,350,640 | ---- | C] () -- C:\Documents and Settings\SAN\Desktop\WED_SAGAR.jpg
[2009/05/18 13:59:35 | 00,201,728 | ---- | C] () -- C:\Documents and Settings\SAN\Desktop\itinerary.doc
[2009/05/17 16:50:45 | 00,002,360 | ---- | C] () -- C:\autorun.PNF
[2009/05/15 17:48:23 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/29 20:57:07 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\PdSACKey.sys
[2008/08/29 20:48:09 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2008/06/16 13:33:47 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/02 12:00:44 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/10/31 10:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/09/15 23:36:28 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2007/09/15 23:36:28 | 00,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2007/09/15 23:36:28 | 00,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2007/09/15 23:36:28 | 00,004,296 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Zune.ini
[2007/09/15 23:36:28 | 00,002,910 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2007/09/15 23:36:28 | 00,002,175 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPhone.ini
[2007/09/15 23:36:28 | 00,001,739 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_AppleTV.ini
[2007/09/15 23:36:28 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2007/09/15 23:36:27 | 00,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2007/09/15 23:36:27 | 00,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2007/09/15 23:36:27 | 00,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2007/09/15 23:36:27 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2007/09/15 23:36:27 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2007/09/15 23:36:27 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2007/09/15 23:36:27 | 00,001,878 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2007/09/15 23:36:27 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2007/09/15 23:36:27 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2007/09/15 23:36:27 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2007/09/15 23:36:27 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2007/09/15 23:36:26 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/05/17 13:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/12/29 21:07:14 | 00,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/12/28 22:53:58 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/26 20:12:13 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/14 01:31:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/14 01:20:34 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/14 01:11:05 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/14 01:07:46 | 00,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/12/14 01:01:06 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/14 01:01:05 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/14 00:34:38 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/12/14 00:34:10 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 20:16:22 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/16 06:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 06:18:43 | 00,000,967 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 06:18:41 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 16:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/04 10:11:06 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\PawLib.dll
[2005/02/17 14:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 14:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/07/28 10:08:58 | 00,136,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2004/01/15 08:01:26 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/01/08 10:30:22 | 00,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll
[2002/10/15 18:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/11/14 15:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/06/11 21:16:38 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/11 21:16:00 | 00,510,062 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/11 21:16:00 | 00,428,972 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/11 21:16:00 | 00,073,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/11 21:09:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/11 21:08:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\SAN\Local Settings\desktop.ini
[2009/06/11 21:08:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/11 21:08:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/11 21:05:19 | 00,000,055 | RHS- | M] () -- C:\autorun.inf
[2009/06/11 20:44:51 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/10 18:49:54 | 37,028,844 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/10 18:49:36 | 00,071,058 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/09 19:11:49 | 00,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/09 19:11:48 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/09 19:11:48 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/09 19:11:47 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/09 19:11:47 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/09 19:11:40 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/09 19:11:40 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/09 19:08:51 | 00,106,315 | RHS- | M] () -- C:\6phx.com
[2009/06/07 20:47:21 | 00,007,168 | -HS- | M] () -- C:\Documents and Settings\SAN\Desktop\Thumbs.db
[2009/06/04 10:17:19 | 00,000,996 | ---- | M] () -- C:\Documents and Settings\SAN\Desktop\magicJack.lnk
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/21 15:51:39 | 01,350,640 | ---- | M] () -- C:\Documents and Settings\SAN\Desktop\WED_SAGAR.jpg
[2009/05/21 13:40:01 | 00,002,360 | ---- | M] () -- C:\autorun.PNF
[2009/05/21 12:47:43 | 00,201,728 | ---- | M] () -- C:\Documents and Settings\SAN\Desktop\itinerary.doc
[2009/05/15 17:48:23 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
< End of report >


Extras.txt

OTL Extras logfile created on: 6/11/2009 9:18:39 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = E:\Trojan removal
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 408.61 Mb Available Physical Memory | 39.97% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.41% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 4.23 Gb Free Space | 21.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 85.42 Gb Total Space | 4.55 Gb Free Space | 5.32% Space Free | Partition Type: NTFS
Drive F: | 46.93 Mb Total Space | 38.93 Mb Free Space | 82.96% Space Free | Partition Type: FAT
Drive G: | 4.78 Gb Total Space | 0.48 Gb Free Space | 10.13% Space Free | Partition Type: FAT32
Drive H: | 2.00 Gb Total Space | 0.37 Gb Free Space | 18.30% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: YASHAKS
Current User Name: SAN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/10/19 17:36:48 | 00,897,024 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL
[2006/08/22 17:32:18 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Disabled:CyberLink PowerCinema Resident Program
File not found -- C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
[2006/11/30 23:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2006/11/30 23:49:06 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2007/05/16 13:52:22 | 05,308,416 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
File not found -- C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
File not found -- C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
File not found -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe:*:Disabled:GoogleToolbarNotifier
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner
[2004/08/10 07:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
File not found -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic
[2002/02/15 16:59:26 | 00,020,992 | ---- | M] () -- E:\GAMES\SFZ\Street Fighter Alpha series_www.ciklet-bb.tr.cx\kaillerasrv.exe:*:Enabled:kaillerasrv
[2007/04/20 00:21:16 | 01,863,680 | ---- | M] (www.sopcast.com) -- C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
[2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2005/03/16 19:40:16 | 00,813,056 | ---- | M] (NetFor2 and Applian Technologies Inc.) -- C:\Program Files\WM Recorder 10\WMR90.exe:*:Enabled:Windows Media ™ Stream Recorder
File not found -- C:\Documents and Settings\SAN\Application Data\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver
File not found -- E:\GAMES\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s
File not found -- C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
File not found -- C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
File not found -- E:\GAMES\Half Life 2\hl2-steam-console.exe:*:Disabled:hl2-steam-console
[2007/08/05 19:05:22 | 00,988,212 | ---- | M] (Red Chair Software, Inc.) -- C:\Program Files\Red Chair Software\Deubox Explorer\deumgr.exe:*:Enabled:Deubox Xtreamer
[2009/02/13 17:01:47 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\SAN\My Documents\utorrent.exe:*:Enabled:µTorrent
[2009/03/25 23:11:54 | 03,274,520 | ---- | M] (TVU networks) -- C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
[2008/12/17 14:35:32 | 11,806,040 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\SAN\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack
[2009/06/11 20:39:22 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/06/09 19:11:31 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{02BD1C19-5946-4420-BAE3-F742686B3D43}" = PC Camera
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{236C3863-4A50-4121-8B57-CBB85D58C5C3}" = Sprint Mobile Broadband (Novatel Wireless)
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2A348348-47FF-49CB-94AB-9DCC52536B7C}" = Del Mp3 Karaoke 4.7.4703
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A188269-989A-4D12-B38B-07850FE52AD2}" = DeLorme Street Atlas USA 2007
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8DA9D7E6-8F69-4171-9007-81B0A84C83F6}" = CDisplay
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Premium
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{C2DA1CDC-EF9D-4B7C-91F8-710B17AD44A7}" = Microsoft Office Live Meeting 2007
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AimOne All to MP3 Converter_is1" = AimOne All to MP3 Converter 1.61
"All ATI Software" = ATI - Software Uninstall Utility
"Allok Video Splitter_is1" = Allok Video Splitter 1.6.4
"Apex Video Converter Super_is1" = Apex Video Converter Super 5.88
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"AVI to DVD Converter" = AVI to DVD Converter
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"Citi Virtual Account Numbers" = Citi Virtual Account Numbers
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell File Manager" = Dell DJ Explorer
"Deubox Explorer" = Deubox Explorer (remove only)
"DFX for Winamp" = DFX 8 for Winamp
"Direct WAV MP3 Splitter_is1" = Direct WAV MP3 Splitter 2.4
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"eMule2" = eMule2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlyakiteOSX" = FlyakiteOSX
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.480
"Hide IP Platinum_is1" = Hide IP Platinum 3.41
"InstallShield_{02BD1C19-5946-4420-BAE3-F742686B3D43}" = PC Camera
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Picasa2" = Picasa 2
"rayatitray" = Ray Adams ATI Tray Tools
"RealPlayer 6.0" = RealPlayer
"Replay Media Catcher2.10D" = Replay Media Catcher
"SopCast" = SopCast 1.1.2
"SPVOD Player1.8" = SPVOD Player1.8
"Spyware Doctor" = Spyware Doctor 6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVAnts ActiveX Control 1.0" = TVAnts ActiveX Control 1.0
"TVUPlayer" = TVUPlayer 2.4.5.1
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 0.9.8a
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 3.1 beta3
"WinRAR archiver" = WinRAR archiver
"WM_Recorder_9.1B" = WM Recorder + RM Recorder 10.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2009 9:30:53 PM | Computer Name = YASHAKS | Source = Application Error | ID = 1000
Description = Faulting application mplayerc.exe, version 6.4.9.0, faulting module
ffdshow.ax, version 1.0.5.2811, fault address 0x001fd724.

Error - 5/13/2009 7:33:25 AM | Computer Name = YASHAKS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ffdshow.ax, version 1.0.5.2811, fault address 0x001fd724.

Error - 5/17/2009 4:52:06 PM | Computer Name = YASHAKS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/17/2009 4:58:37 PM | Computer Name = YASHAKS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/21/2009 1:29:57 PM | Computer Name = YASHAKS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ffdshow.ax, version 1.0.5.2811, fault address 0x001fd724.

Error - 5/25/2009 10:00:14 AM | Computer Name = YASHAKS | Source = Application Hang | ID = 1002
Description = Hanging application magicJack.exe, version 1.80.466.3, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/1/2009 11:33:29 AM | Computer Name = YASHAKS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/7/2009 8:03:57 PM | Computer Name = YASHAKS | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/7/2009 8:22:17 PM | Computer Name = YASHAKS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module unknown, version 0.0.0.0, fault address 0x02cf3d84.

Error - 6/7/2009 9:27:31 PM | Computer Name = YASHAKS | Source = Application Error | ID = 1000
Description = Faulting application mplayerc.exe, version 6.4.9.0, faulting module
ffdshow.ax, version 1.0.5.2811, fault address 0x000bac78.

[ System Events ]
Error - 6/10/2009 7:37:36 PM | Computer Name = YASHAKS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file '6phx.com' on the volume 'DP(1)0x7e00-0x2f08e00+1'.
It has stopped monitoring the volume.

Error - 6/10/2009 7:41:22 PM | Computer Name = YASHAKS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file '6phx.com' on the volume 'DP(1)0x7e00-0x2f08e00+1'.
It has stopped monitoring the volume.

Error - 6/10/2009 7:45:08 PM | Computer Name = YASHAKS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file '6phx.com' on the volume 'DP(1)0x7e00-0x2f08e00+1'.
It has stopped monitoring the volume.

Error - 6/10/2009 7:48:54 PM | Computer Name = YASHAKS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file '6phx.com' on the volume 'DP(1)0x7e00-0x2f08e00+1'.
It has stopped monitoring the volume.

Error - 6/10/2009 7:52:40 PM | Computer Name = YASHAKS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file '6phx.com' on the volume 'DP(1)0x7e00-0x2f08e00+1'.
It has stopped monitoring the volume.

Error - 6/10/2009 7:56:26 PM | Computer Name = YASHAKS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file '6phx.com' on the volume 'DP(1)0x7e00-0x2f08e00+1'.
It has stopped monitoring the volume.

Error - 6/10/2009 8:00:12 PM | Computer Name = YASHAKS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file '6phx.com' on the volume 'DP(1)0x7e00-0x2f08e00+1'.
It has stopped monitoring the volume.

Error - 6/10/2009 8:03:58 PM | Computer Name = YASHAKS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file '6phx.com' on the volume 'DP(1)0x7e00-0x2f08e00+1'.
It has stopped monitoring the volume.

Error - 6/10/2009 9:58:59 PM | Computer Name = YASHAKS | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 6/10/2009 10:00:05 PM | Computer Name = YASHAKS | Source = Service Control Manager | ID = 7034
Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

Appreciate your help and time Sam

Thanks
S

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:58 AM

Posted 12 June 2009 - 10:13 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
    O32 - AutoRun File - [2009/06/11 21:05:19 | 00,000,055 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009/05/21 13:40:01 | 00,002,360 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
    O32 - AutoRun File - [2009/06/11 21:05:19 | 00,000,055 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009/06/11 21:05:20 | 00,000,055 | RHS- | M] () - F:\autorun.inf -- [ FAT ]
    O32 - AutoRun File - [2009/06/11 21:05:20 | 00,000,055 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2009/06/11 21:05:20 | 00,000,055 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{12e8c364-0e69-11dd-9d5c-0015c5ce09ec}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{12e8c364-0e69-11dd-9d5c-0015c5ce09ec}\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
    O33 - MountPoints2\{12e8c364-0e69-11dd-9d5c-0015c5ce09ec}\Shell\phone\command - "" = J:\autorun.exe -- File not found
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\setup.exe -- [2004/08/10 07:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{44495310-a7dd-11dd-9e2c-0015c5ce09ec}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\services.exe
    O33 - MountPoints2\{44495310-a7dd-11dd-9e2c-0015c5ce09ec}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\services.exe
    O33 - MountPoints2\{448e5cc8-3651-11de-9ee5-0015c5ce09ec}\Shell\AutoRun\command - "" = J:\wd_windows_tools\setup.exe -- File not found
    O33 - MountPoints2\{69cc485c-4324-11de-9ef7-0015c5ce09ec}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{69cc485c-4324-11de-9ef7-0015c5ce09ec}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
    O33 - MountPoints2\{69cc485c-4324-11de-9ef7-0015c5ce09ec}\Shell\phone\command - "" = D:\autorun.exe -- File not found
    O33 - MountPoints2\{69cc485d-4324-11de-9ef7-0015c5ce09ec}\Shell\AutoRun\command - "" = J:\q9.cmd -- File not found
    O33 - MountPoints2\{69cc485d-4324-11de-9ef7-0015c5ce09ec}\Shell\open\Command - "" = J:\q9.cmd -- File not found
    O33 - MountPoints2\{bc23b87e-4290-11de-9ef6-0015c5ce09ec}\Shell\AutoRun\command - "" = iexplore.exe
    O33 - MountPoints2\{bc23b87e-4290-11de-9ef6-0015c5ce09ec}\Shell\open\command - "" = iexplore.exe
    O33 - MountPoints2\{ccc797ce-4170-11de-9ef3-0015c5ce09ec}\Shell\AutoRun\command - "" = D:\0bcobed.exe -- File not found
    O33 - MountPoints2\{ccc797ce-4170-11de-9ef3-0015c5ce09ec}\Shell\open\Command - "" = D:\0bcobed.exe -- File not found
    O33 - MountPoints2\{ee6a7b6f-2b43-11dc-b3ab-0015c5ce09ec}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
    O33 - MountPoints2\D\Shell\phone\command - "" = D:\autorun.exe -- File not found
    O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\wd_windows_tools\setup.exe -- File not found
    
    :Files
    C:\WINDOWS\system32\nmdfgds0.dll
    C:\6phx.com
    C:\autorun.inf
    C:\autorun.PNF
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

==================



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

==================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 underemployed

underemployed
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 12 June 2009 - 01:52 PM

Hi Sam,
I followed the steps you mentioned and will post the log files in the next reply. But i had a qucik question .. I am currently running the Kaspersky online scan as you mentioned and so far it has scanned just 1500 files (less than 1%) but has been running since 45 minutes now.
Is this normal ?
even AVG tha i ran the first time took me like 12-14 hours to run and i couldnt do anything else on my PC .. it would be extremely slow?

please Let me know

thanks a lot


EDIT: its been 7 hours and kasperky online scan has just completed only 8% (abt 31,000 odd files scanned)
This isnt normal right ?

Edited by underemployed, 12 June 2009 - 10:26 PM.


#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:58 AM

Posted 13 June 2009 - 10:41 AM

Kaspersky is known to be slow, but that is excessively slow. Let's try something.
In the Scan section, select Critical Areas instead of My Computer.
The scan should be much quicker.

Let me know if it still seems to be dragging on forever and we'll try something else.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 underemployed

underemployed
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 13 June 2009 - 04:45 PM

Hey Sam ... The Kasperky online tool just finshed the scan and did not find any objects.Just as a precaution should i try scanning using AVG/spyware doctor o any other trojan detecting software.
Anyways here are the various logs u asked for

-------------
OTL report with the custom fix

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-195945399-2459349701-560027845-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-195945399-2459349701-560027845-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-195945399-2459349701-560027845-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-195945399-2459349701-560027845-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
C:\autorun.inf moved successfully.
C:\autorun.PNF moved successfully.
E:\autorun.inf moved successfully.
F:\autorun.inf moved successfully.
G:\autorun.inf moved successfully.
H:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12e8c364-0e69-11dd-9d5c-0015c5ce09ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12e8c364-0e69-11dd-9d5c-0015c5ce09ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12e8c364-0e69-11dd-9d5c-0015c5ce09ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12e8c364-0e69-11dd-9d5c-0015c5ce09ec}\ not found.
File J:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12e8c364-0e69-11dd-9d5c-0015c5ce09ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12e8c364-0e69-11dd-9d5c-0015c5ce09ec}\ not found.
File J:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
C:\WINDOWS\system32\setup.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44495310-a7dd-11dd-9e2c-0015c5ce09ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44495310-a7dd-11dd-9e2c-0015c5ce09ec}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\services.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44495310-a7dd-11dd-9e2c-0015c5ce09ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44495310-a7dd-11dd-9e2c-0015c5ce09ec}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\services.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448e5cc8-3651-11de-9ee5-0015c5ce09ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{448e5cc8-3651-11de-9ee5-0015c5ce09ec}\ not found.
File J:\wd_windows_tools\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69cc485c-4324-11de-9ef7-0015c5ce09ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69cc485c-4324-11de-9ef7-0015c5ce09ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69cc485c-4324-11de-9ef7-0015c5ce09ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69cc485c-4324-11de-9ef7-0015c5ce09ec}\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69cc485c-4324-11de-9ef7-0015c5ce09ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69cc485c-4324-11de-9ef7-0015c5ce09ec}\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69cc485d-4324-11de-9ef7-0015c5ce09ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69cc485d-4324-11de-9ef7-0015c5ce09ec}\ not found.
File J:\q9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69cc485d-4324-11de-9ef7-0015c5ce09ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69cc485d-4324-11de-9ef7-0015c5ce09ec}\ not found.
File J:\q9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc23b87e-4290-11de-9ef6-0015c5ce09ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc23b87e-4290-11de-9ef6-0015c5ce09ec}\ not found.
File iexplore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc23b87e-4290-11de-9ef6-0015c5ce09ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc23b87e-4290-11de-9ef6-0015c5ce09ec}\ not found.
File iexplore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccc797ce-4170-11de-9ef3-0015c5ce09ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccc797ce-4170-11de-9ef3-0015c5ce09ec}\ not found.
File D:\0bcobed.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccc797ce-4170-11de-9ef3-0015c5ce09ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccc797ce-4170-11de-9ef3-0015c5ce09ec}\ not found.
File D:\0bcobed.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee6a7b6f-2b43-11dc-b3ab-0015c5ce09ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee6a7b6f-2b43-11dc-b3ab-0015c5ce09ec}\ not found.
File G:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
File J:\wd_windows_tools\setup.exe not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\nmdfgds0.dll not found.
File move failed. C:\6phx.com scheduled to be moved on reboot.
File\Folder C:\autorun.inf not found.
File\Folder C:\autorun.PNF not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\SAN\Local Settings\Temp\etilqs_fgG6DWReU690jxCqJN6E scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTL by OldTimer - Version 2.1.1.0 log created on 06122009_121236

Files moved on Reboot...
File C:\6phx.com not found!
File C:\Documents and Settings\SAN\Local Settings\Temp\etilqs_fgG6DWReU690jxCqJN6E not found!

Registry entries deleted on Reboot...

----------------------------------

just OTL.exe

OTL logfile created on: 6/12/2009 12:27:35 PM - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = E:\Trojan removal\OTL
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 393.59 Mb Available Physical Memory | 38.50% Memory free
2.40 Gb Paging File | 1.69 Gb Available in Paging File | 70.23% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 4.20 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 85.42 Gb Total Space | 2.69 Gb Free Space | 3.15% Space Free | Partition Type: NTFS
Drive F: | 46.93 Mb Total Space | 38.93 Mb Free Space | 82.96% Space Free | Partition Type: FAT
Drive G: | 4.78 Gb Total Space | 0.48 Gb Free Space | 10.13% Space Free | Partition Type: FAT32
Drive H: | 2.00 Gb Total Space | 0.37 Gb Free Space | 18.31% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: YASHAKS
Current User Name: SAN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/12/04 22:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2007/12/04 22:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/11/23 02:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2006/11/23 02:32:58 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/09 19:11:30 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2006/05/24 20:21:28 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2005/12/15 14:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/06/09 19:11:31 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/06/09 19:11:31 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/12/18 17:54:32 | 00,155,648 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
PRC - [2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/01/27 23:56:19 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2008/08/25 12:36:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2005/08/05 15:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2004/08/10 07:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2006/11/23 02:35:50 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.exe
PRC - [2006/03/25 01:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/08 20:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/06/09 19:11:31 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/06/11 22:12:59 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/06 05:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/06/11 21:17:55 | 00,501,760 | ---- | M] (OldTimer Tools) -- E:\Trojan removal\OTL\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/12/04 22:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/12/05 15:17:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/06/09 19:11:30 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2006/05/24 20:21:28 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/12/15 14:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2007/10/14 13:24:38 | 00,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
SRV - [2007/01/26 22:25:41 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/10 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/08/05 15:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 06:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/05/16 10:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/12/18 17:54:32 | 00,155,648 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service [Auto | Running])
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/05/14 14:02:46 | 00,086,016 | ---- | M] (NetGroup - Politecnico di Torino) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/01/27 23:56:19 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2008/08/08 00:35:42 | 01,622,016 | ---- | M] (??????????) -- C:\WINDOWS\system32\Nagasoft\vjocx.dll -- (vvdsvc [Auto | Stopped])
SRV - [2006/11/23 02:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/04 01:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/08/12 19:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2007/12/05 01:26:40 | 02,782,208 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/05/22 05:04:54 | 00,018,088 | ---- | M] () -- C:\Program Files\ATI Tray Tools\atitray.sys -- (atitray [System | Running])
DRV - [2009/06/09 19:11:47 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/09 19:11:47 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/06/09 19:11:48 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/11/23 02:34:36 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/08/25 09:23:08 | 00,044,544 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2006/05/24 20:07:18 | 00,328,237 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
DRV - [2006/05/24 20:01:34 | 00,030,427 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running])
DRV - [2006/05/24 20:04:04 | 00,851,434 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2006/05/24 20:05:26 | 00,023,271 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
DRV - [2006/05/24 19:58:18 | 00,148,900 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
DRV - [2006/05/24 19:57:00 | 00,045,683 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwhid.sys -- (btwhid [On_Demand | Stopped])
DRV - [2006/05/24 20:01:22 | 00,030,285 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwmodem.sys -- (btwmodem [On_Demand | Running])
DRV - [2006/05/24 20:00:50 | 00,066,488 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/01/10 13:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2004/08/12 19:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/07/14 03:01:16 | 00,013,824 | ---- | M] (SingleClick Systems) -- C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys -- (hnmwrlspkt [Auto | Running])
DRV - [2005/07/22 05:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2005/07/22 05:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2008/08/25 12:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
DRV - [2008/08/25 12:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
DRV - [2008/08/25 12:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
DRV - [2004/09/29 01:02:00 | 00,016,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\ctpdusb2.sys -- (Jukebox [On_Demand | Stopped])
DRV - [2004/03/17 05:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/10 07:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2004/05/14 12:37:10 | 00,032,896 | ---- | M] (NetGroup - Politecnico di Torino) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2006/11/07 09:32:32 | 00,166,400 | ---- | M] (Novatel Wireless Inc) -- C:\WINDOWS\system32\DRIVERS\NWADIenum.sys -- (NWADI [On_Demand | Running])
DRV - [2004/02/13 18:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2006/10/15 11:36:18 | 00,011,136 | ---- | M] (SingleClick Systems) -- C:\WINDOWS\system32\DRIVERS\packet.sys -- (Packet [Auto | Running])
DRV - [2006/12/18 17:45:18 | 00,018,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50 [On_Demand | Stopped])
DRV - [2007/10/06 15:28:06 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2004/05/05 23:48:40 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2005/10/14 17:40:18 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
DRV - [2005/10/14 17:40:18 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
DRV - [2005/10/14 17:40:18 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys -- (rismxdp [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/04 01:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2004/07/28 10:08:58 | 00,136,576 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\pfc027.sys -- (SoC PC-Camera Service [On_Demand | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2006/12/29 21:07:14 | 00,639,224 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/03/25 01:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2006/03/08 20:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/07/22 05:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/07/14 03:02:22 | 00,013,696 | ---- | M] (SingleClick Systems) -- C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys -- (wsppkt [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061213
IE - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-195945399-2459349701-560027845-1006\S-1-5-21-195945399-2459349701-560027845-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: dictionary@adarsh.tp:2.1.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/06/09 19:11:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/11 22:13:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/11 22:13:03 | 00,000,000 | ---D | M]

[2009/03/20 10:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Extensions
[2009/03/20 10:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/07 20:16:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\t65nuf2h.del\extensions
[2009/06/11 21:11:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\uz3szjzd.default\extensions
[2009/03/22 09:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\uz3szjzd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2007/10/25 02:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\uz3szjzd.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2009/03/22 09:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\uz3szjzd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/16 00:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\uz3szjzd.default\extensions\dictionary@adarsh.tp
[2009/04/18 21:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SAN\Application Data\mozilla\Firefox\Profiles\uz3szjzd.default\extensions\firefox@tvunetworks.com
[2009/06/11 22:26:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/11 22:13:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/16 09:38:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/09/10 17:33:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/06/11 22:12:59 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/11 22:12:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-195945399-2459349701-560027845-1006..\Run: [cdloader] "C:\Documents and Settings\SAN\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = E3 F8 FF 03 [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-195945399-2459349701-560027845-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} http://download.tvants.com/pub/tvants/tvan.../cab/tvants.cab (TVAnts ActiveX Control)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://livecbn.support.googlepages.com/livetv.ocx (KooPlayer Control)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/08 05:13:16 | 00,000,241 | ---- | M] () - F:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2006/10/08 05:13:16 | 00,000,241 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2005/07/07 20:34:30 | 00,001,871 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/12 12:17:23 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/11 20:44:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SAN\Application Data\Malwarebytes
[2009/06/11 20:44:51 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/11 20:44:48 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/11 20:44:47 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/11 20:44:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/11 20:44:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/09 19:25:56 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/06/09 19:11:49 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/09 19:11:48 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/09 19:11:48 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/09 19:11:47 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/09 19:11:40 | 37,066,405 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/09 19:11:40 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/09 19:11:40 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/09 19:11:40 | 00,075,180 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/09 19:11:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/06/09 19:11:29 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/06/09 19:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/06/07 20:47:19 | 00,007,168 | -HS- | C] () -- C:\Documents and Settings\SAN\Desktop\Thumbs.db
[2009/05/21 15:50:41 | 01,350,640 | ---- | C] () -- C:\Documents and Settings\SAN\Desktop\WED_SAGAR.jpg
[2009/05/18 13:59:35 | 00,201,728 | ---- | C] () -- C:\Documents and Settings\SAN\Desktop\itinerary.doc
[2009/05/15 17:48:23 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/29 20:57:07 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\PdSACKey.sys
[2008/08/29 20:48:09 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2008/06/16 13:33:47 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/02 12:00:44 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/10/31 10:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/09/15 23:36:28 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2007/09/15 23:36:28 | 00,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2007/09/15 23:36:28 | 00,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2007/09/15 23:36:28 | 00,004,296 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Zune.ini
[2007/09/15 23:36:28 | 00,002,910 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2007/09/15 23:36:28 | 00,002,175 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPhone.ini
[2007/09/15 23:36:28 | 00,001,739 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_AppleTV.ini
[2007/09/15 23:36:28 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2007/09/15 23:36:27 | 00,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2007/09/15 23:36:27 | 00,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2007/09/15 23:36:27 | 00,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2007/09/15 23:36:27 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2007/09/15 23:36:27 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2007/09/15 23:36:27 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2007/09/15 23:36:27 | 00,001,878 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2007/09/15 23:36:27 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2007/09/15 23:36:27 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2007/09/15 23:36:27 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2007/09/15 23:36:27 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2007/09/15 23:36:26 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/05/17 13:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/12/29 21:07:14 | 00,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/12/28 22:53:58 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/26 20:12:13 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/14 01:31:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/14 01:20:34 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/14 01:11:05 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/14 01:07:46 | 00,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/12/14 01:01:06 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/14 01:01:05 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/14 00:34:38 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/12/14 00:34:10 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 20:16:22 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/16 06:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 06:18:43 | 00,000,967 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 06:18:41 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 16:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/04 10:11:06 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\PawLib.dll
[2005/02/17 14:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 14:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/07/28 10:08:58 | 00,136,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2004/01/15 08:01:26 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/01/08 10:30:22 | 00,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll
[2002/10/15 18:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/11/14 15:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/06/12 12:23:23 | 00,428,972 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/12 12:23:23 | 00,073,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/12 12:23:22 | 00,510,062 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/12 12:17:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/12 12:16:03 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\SAN\Local Settings\desktop.ini
[2009/06/12 12:16:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/12 12:15:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/12 11:34:15 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/12 11:20:34 | 37,066,405 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/12 11:19:15 | 00,075,180 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/11 20:44:51 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/09 19:11:49 | 00,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/09 19:11:48 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/09 19:11:48 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/09 19:11:47 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/09 19:11:47 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/09 19:11:40 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/09 19:11:40 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/07 20:47:21 | 00,007,168 | -HS- | M] () -- C:\Documents and Settings\SAN\Desktop\Thumbs.db
[2009/06/04 10:17:19 | 00,000,996 | ---- | M] () -- C:\Documents and Settings\SAN\Desktop\magicJack.lnk
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/21 15:51:39 | 01,350,640 | ---- | M] () -- C:\Documents and Settings\SAN\Desktop\WED_SAGAR.jpg
[2009/05/21 12:47:43 | 00,201,728 | ---- | M] () -- C:\Documents and Settings\SAN\Desktop\itinerary.doc
[2009/05/15 17:48:23 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
< End of report >


------------------------------------

kasperky online scanner

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, June 13, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, June 12, 2009 19:30:33
Records in database: 2338444
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 94251
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 21:07:57

No malware has been detected. The scan area is clean.

The selected area was scanned.

----------------

Thanks for your help Sam, will wait to hear from you ...

S

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:58 AM

Posted 13 June 2009 - 07:56 PM

It definitely wouldn't hurt to run those scans with AVG and Spyware Doctor.

Your log is looking pretty good to me. How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 underemployed

underemployed
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 14 June 2009 - 11:33 AM

Hey Sam
The Spyware doctor still shows me the Trojan-Spy.Gamespass infection. Also AVG sometimes shows me various infections in the H drive which is the hidden drive provided by Dell
I am at my wits end ?
Will ran a complete AVG virus scan again
Thanks for ur help .. will post soon
S

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:58 AM

Posted 15 June 2009 - 10:38 AM

It's not uncommon for a scan to now detect quarantined items or items in system restore. That doesn't mean you have an active infection and those are simple to deal with. Can you post a log from the scans so I can see exactly what they are detecting?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 underemployed

underemployed
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 17 June 2009 - 08:28 PM

I tried running AVG 8 but it takes almost a day to run on my PC (scans abt 60k odd files)
Though spyware doc does not find any spywares or trojans ..

However have noticed that my computer sometimes becomes extremely slow ... so slow that i cannot do anything on it .... after clicking something it takes like 5 minutes to run/open it.
Also this generally happens when i am opening firefox ?

Any thoughts on why thins happens ..

Thanks for all ur help Sam , i really appreciate it

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:58 AM

Posted 18 June 2009 - 10:24 AM

There could be a number of things that cause that. You may have memory going bad or some other type of hardware issue. But before we look at that, take a look at some of the steps you can take with Firefox.

http://support.mozilla.com/en-US/kb/Basic+troubleshooting

Let me know if you notice any improvement.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 underemployed

underemployed
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 18 June 2009 - 01:37 PM

Sam,
this is what i picked off the net on AVG8.0 and Firfox and i quote
"Workaround AVG
Unlike the PC World reader, Michael M. from Texas, a buddy of mine, says that one component of AVG 8.0 -- the LinkScanner Safe Search add-on for Web browsers -- "slowed Firefox hugely, and consequently slowed my system. Once I disabled AVG Safe Search in Firefox, my computer's speed picked back up."

I liked AVG7.5 which was easy on the resources, seems like 8.0 is a memory Hog and takes a long time to scan for other users with less memory (1gb) as well. IS there any other light anti virus that you would recommend ... Like AVAST or Avira perhaps ..

Thanks
S

Edited by underemployed, 18 June 2009 - 03:21 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users