Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Hijack log - thanks in advance


  • This topic is locked This topic is locked
20 replies to this topic

#1 John Paintsil

John Paintsil

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 24 June 2009 - 03:09 AM

If anyone can be bothered to help, i'll be waiting :D
Cheers x



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:50:02, on 24/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Planex\Common\RaUI.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Planex\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [zanukilora] Rundll32.exe "C:\WINDOWS\system32\godanihe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [zanukilora] Rundll32.exe "C:\WINDOWS\system32\godanihe.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Planex Wireless Utility.lnk = C:\Program Files\Planex\Common\RaUI.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll ,
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: ddcYoMeC - ddcYoMeC.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Planex\Common\RalinkRegistryWriter.exe

--
End of file - 11926 bytes

BC AdBot (Login to Remove)

 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:36 PM

Posted 27 June 2009 - 04:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 John Paintsil

John Paintsil
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 29 June 2009 - 12:27 PM

Cheers guys this is my DDS report. Basically my PC has been going very slow compared to how powerful it actually is. Opening programs is painfully slow and even right clicking takes longer then it should!! :thumbup2:
Anyway much appreciated!
x

Attach.txt file


DDS (Ver_09-06-26.01) - NTFSx86
Run by Nicholas at 18:19:14.85 on 29/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2927.2187 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Planex\Common\RaUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Planex\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicholas\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.speedbit.com/
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {074c1dc5-9320-4a9a-947d-c042949c6216} - ContributeBHO Class
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} -
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [D-Link AirPlus Xtreme G] c:\program files\d-link\airplus xtreme g\AirPlusCFG.exe
mRun: [ANIWZCSService] c:\program files\alpha networks\aniwzcs service\WZCSLDR.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [EPSON Stylus Photo R340 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\nicholas\startm~1\programs\startup\autorunsdisabled\magicdisc.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\planex wireless utility.lnk - c:\program files\planex\common\RaUI.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: ddcYoMeC - ddcYoMeC.dll
AppInit_DLLs: avgrsstx.dll ,
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nicholas\applic~1\mozilla\firefox\profiles\0anids1g.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\nicholas\application data\mozilla\firefox\profiles\0anids1g.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\nicholas\application data\mozilla\firefox\profiles\0anids1g.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-22 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-22 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-22 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-12 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-12 298776]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\planex\common\RalinkRegistryWriter.exe [2009-6-13 69632]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2003-10-22 547744]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-6-13 583680]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-1-26 10976]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-5-28 36928]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-9-25 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-9-25 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-9-25 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-9-25 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-9-25 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-9-25 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-9-25 97704]
S3 xport360_usb_v2;xport360_usb_v2;c:\windows\system32\drivers\xport360_usb_v2.sys [2009-3-7 29184]

=============== Created Last 30 ================

2009-06-24 08:49 <DIR> --d----- c:\program files\Trend Micro
2009-06-24 08:49 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 08:49 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-24 08:49 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-13 14:28 <DIR> --d----- c:\program files\XLink Kai
2009-06-13 07:34 376,832 a------- c:\windows\system32\AegisI5Installer.exe
2009-06-13 07:34 21,361 a------- c:\windows\system32\drivers\AegisP.sys
2009-06-13 07:34 583,680 a------- c:\windows\system32\drivers\rt2870.sys
2009-06-13 07:34 438,272 a------- c:\windows\system32\RaCoInst.dll
2009-06-13 07:34 11,783 a------- c:\windows\system32\RaCoInst.dat
2009-06-13 07:34 4,096 a------- c:\windows\system32\drivers\rt2870.bin
2009-06-13 07:34 <DIR> --d----- c:\program files\Planex
2009-06-10 18:52 <DIR> --d----- c:\program files\Peggle
2009-06-07 14:22 <DIR> --d----- c:\program files\iPod

==================== Find3M ====================

2009-06-25 18:06 36,928 a------- c:\windows\system32\drivers\pssdk41.sys
2009-06-12 11:47 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-10 09:53 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-10 09:53 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-29 03:18 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-04-29 03:17 335,872 a------- c:\windows\system32\ati2dvag.dll
2009-04-29 03:07 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-04-29 03:06 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-04-29 03:06 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-04-29 03:06 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-04-29 03:06 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-04-29 03:04 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-04-29 03:03 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-04-29 03:00 311,296 a------- c:\windows\system32\atiiiexx.dll
2009-04-29 02:56 2,997,536 a------- c:\windows\system32\ati3duag.dll
2009-04-29 02:45 11,603,968 a------- c:\windows\system32\atioglxx.dll
2009-04-29 02:42 2,687,872 a------- c:\windows\system32\ativvaxx.dll
2009-04-29 02:26 49,664 a------- c:\windows\system32\atimpc32.dll
2009-04-29 02:26 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-04-29 02:22 479,232 a------- c:\windows\system32\atikvmag.dll
2009-04-29 02:20 45,056 a------- c:\windows\system32\aticalrt.dll
2009-04-29 02:20 45,056 a------- c:\windows\system32\aticalcl.dll
2009-04-29 02:20 135,168 a------- c:\windows\system32\atiadlxx.dll
2009-04-29 02:19 17,408 a------- c:\windows\system32\atitvo32.dll
2009-04-29 02:18 3,280,896 a------- c:\windows\system32\aticaldd.dll
2009-04-29 02:17 303,104 a------- c:\windows\system32\atiok3x2.dll
2009-04-29 02:13 630,784 a------- c:\windows\system32\ati2cqag.dll
2009-04-28 21:05 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-01 20:59 188,348 a------- c:\windows\system32\atiicdxx.dat
2008-09-02 11:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090220080903\index.dat

============= FINISH: 18:19:49.42 ===============

#4 John Paintsil

John Paintsil
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 01 July 2009 - 11:11 AM

bump?

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:36 PM

Posted 01 July 2009 - 12:03 PM

Hi johnpaintsil,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:36 PM

Posted 01 July 2009 - 12:12 PM

Hi johnpaintsil,

Let's get started then. :)

You have a couple of traces of malware in your log so we need to check those out a bit more.

First, there's a known rogue program in your trusted zone. We need to clear that zone.

Firstly download: DelDomains.inf
Locate DelDomains.inf right-click and select: Install
Note: you will not see any on-screen action ...
This will remove all entries in the Trusted, Restricted,and Enhanced Security Configuration Zones.
Note once you do this, any previous restricted zone hacks (spywareblaster, ie-spyad, etc) will need to be reapplied.[/list]
Then we'll check for hidden threats

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop, please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

Next up

I see you have Malwarebytes Antimalware already. Please run MBAM on full scan

Finally, a better look at your PC

We need to create an OTL Report
  • Please download OTL from the mirror:
    [http://oldtimer.geekstogo.com/OTL.exe]This is THE Mirror[/url]
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:[list]
    OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#7 John Paintsil

John Paintsil
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 01 July 2009 - 01:44 PM

Ok thanks! I will try this :D

MUCH APPRECIATED :thumbup2:

#8 John Paintsil

John Paintsil
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 01 July 2009 - 02:25 PM

OTL REPORT

OTL logfile created on: 01/07/2009 20:17:01 - Run 1
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\Nicholas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 98.15% Memory free
4.00 Gb Paging File | 3.41 Gb Available in Paging File | 85.23% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 36.96 Gb Free Space | 15.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICK
Current User Name: Nicholas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/04/29 03:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/04/29 03:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/11/04 17:00:16 | 02,502,656 | ---- | M] (D-Link) -- C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
PRC - [2003/08/21 16:12:02 | 00,032,768 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
PRC - [2009/06/12 11:47:24 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2002/01/05 03:10:10 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/04/16 15:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2008/12/18 14:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/12/18 13:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009/04/28 19:05:04 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\gmer\gmer.exe
PRC - [2009/06/13 02:34:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/10 09:53:55 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2002/01/05 03:10:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/18 16:05:43 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/10 09:53:55 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/05/13 15:12:54 | 00,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Planex\Common\RalinkRegistryWriter.exe
PRC - [2009/06/17 11:49:15 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2009/05/10 09:53:58 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008/09/29 14:52:41 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/06/17 11:27:48 | 01,287,440 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/07/01 20:03:16 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe
PRC - [2008/04/14 01:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2007/04/13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/04/29 03:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/04/28 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/06/17 11:49:15 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/05/10 09:53:55 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/09/29 14:52:41 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2002/01/05 03:10:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [Disabled | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/05/13 15:12:54 | 00,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Planex\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/05/23 04:15:00 | 00,547,744 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\System32\DRIVERS\A3AB.sys -- (A3AB [On_Demand | Running])
DRV - [2009/06/13 07:34:15 | 00,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2008/01/24 16:36:16 | 04,127,488 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2006/06/18 23:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2003/05/05 18:25:48 | 00,028,205 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO.SYS -- (ANIO [Auto | Running])
DRV - [2005/12/23 11:22:18 | 00,005,685 | R--- | M] () -- C:\WINDOWS\System32\drivers\AsIO.sys -- (AsIO [System | Running])
DRV - [2009/04/29 04:30:44 | 03,643,904 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/06/12 11:47:26 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/17 11:49:16 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/10 09:53:57 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2008/02/27 13:49:00 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/01/26 16:36:29 | 00,010,976 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\DRIVERS\ggflt.sys -- (ggflt [On_Demand | Stopped])
DRV - [2009/01/26 16:36:29 | 00,022,368 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\DRIVERS\ggsemc.sys -- (ggsemc [On_Demand | Stopped])
DRV - [2006/12/28 17:44:44 | 00,084,992 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdAud.sys -- (HdAudAddService [On_Demand | Running])
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/01/14 11:06:32 | 00,021,632 | ---- | M] (ManyCam LLC.) -- C:\WINDOWS\System32\DRIVERS\ManyCam.sys -- (ManyCam [On_Demand | Running])
DRV - [2008/07/28 17:19:28 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
DRV - [2007/01/30 01:16:42 | 00,006,144 | ---- | M] () -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter [On_Demand | Stopped])
DRV - [2009/06/25 18:06:10 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\Drivers\pssdk41.sys -- (PsSdk41 [On_Demand | Stopped])
DRV - [2001/08/23 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/23 17:50:48 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/07/08 23:06:36 | 00,583,680 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\DRIVERS\rt2870.sys -- (rt2870 [On_Demand | Stopped])
DRV - [2006/02/26 22:46:20 | 00,081,408 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/06/19 09:51:16 | 00,081,832 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s816bus.sys -- (s816bus [On_Demand | Stopped])
DRV - [2007/06/19 09:51:18 | 00,013,864 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s816mdfl.sys -- (s816mdfl [On_Demand | Stopped])
DRV - [2007/06/19 09:51:20 | 00,107,304 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s816mdm.sys -- (s816mdm [On_Demand | Stopped])
DRV - [2007/06/19 09:51:18 | 00,099,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s816mgmt.sys -- (s816mgmt [On_Demand | Stopped])
DRV - [2007/06/19 09:51:18 | 00,021,928 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s816nd5.sys -- (s816nd5 [On_Demand | Stopped])
DRV - [2007/06/19 09:51:18 | 00,097,320 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s816obex.sys -- (s816obex [On_Demand | Stopped])
DRV - [2007/06/19 09:51:18 | 00,097,704 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\s816unic.sys -- (s816unic [On_Demand | Stopped])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/06/08 00:19:43 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/09/10 19:26:21 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2001/05/07 12:56:02 | 00,019,805 | ---- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\System32\Drivers\usbio.sys -- (USBIO [On_Demand | Stopped])
DRV - [2006/11/02 08:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])
DRV - [2007/02/08 14:45:14 | 00,029,184 | ---- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\System32\Drivers\xport360_usb_v2.sys -- (xport360_usb_v2 [On_Demand | Stopped])
DRV - [2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-220523388-682003330-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-220523388-682003330-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-220523388-682003330-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
IE - HKU\S-1-5-21-220523388-682003330-839522115-1003\S-1-5-21-220523388-682003330-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-682003330-839522115-1003\S-1-5-21-220523388-682003330-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.02
FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://search.speedbit.com/searchresults.asp?src=default&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/17 11:50:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2002/01/05 03:10:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/18 22:14:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/13 02:34:06 | 00,000,000 | ---D | M]

[2008/08/26 17:48:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\mozilla\Extensions
[2008/08/26 17:48:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/30 18:37:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\mozilla\Firefox\Profiles\0anids1g.default\extensions
[2008/05/31 10:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\mozilla\Firefox\Profiles\0anids1g.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2009/05/10 03:33:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\mozilla\Firefox\Profiles\0anids1g.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/03/25 13:45:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\mozilla\Firefox\Profiles\0anids1g.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/04/27 17:57:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\mozilla\Firefox\Profiles\0anids1g.default\extensions\chenyanxu8821@163.com
[2009/04/09 23:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\mozilla\Firefox\Profiles\0anids1g.default\extensions\dave2x@download
[2009/05/16 15:00:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\mozilla\Firefox\Profiles\0anids1g.default\extensions\firefox@tvunetworks.com
[2008/10/02 19:26:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicholas\Application Data\mozilla\Firefox\Profiles\0anids1g.default\extensions\iaplayer@instantaction.com
[2009/06/30 15:35:05 | 00,000,931 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\FireFox\Profiles\0anids1g.default\searchplugins\dictionary.xml
[2009/06/30 15:33:05 | 00,002,042 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\FireFox\Profiles\0anids1g.default\searchplugins\facebook.xml
[2008/12/10 10:15:12 | 00,001,504 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\FireFox\Profiles\0anids1g.default\searchplugins\imdb.xml
[2008/05/23 19:43:06 | 00,001,032 | ---- | M] () -- C:\Documents and Settings\Nicholas\Application Data\Mozilla\FireFox\Profiles\0anids1g.default\searchplugins\wikipedia-eng.xml
[2009/06/30 18:37:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 21:38:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/05/23 19:27:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/09/09 15:18:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2002/01/05 03:10:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/06/13 02:34:02 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/13 02:34:02 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/03/19 19:23:20 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/01/23 07:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2002/01/05 03:10:10 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/11/21 22:45:04 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/07/23 17:47:46 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/03/20 18:21:26 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/13 02:34:02 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 22:52:33 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/07 14:20:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/07 14:20:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/07 14:20:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/07 14:20:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/07 14:20:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/07 14:20:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/07 14:20:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/29 15:53:30 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/29 15:53:30 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/29 15:53:30 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/16 16:50:46 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/29 15:53:30 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/29 15:53:30 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/29 15:53:30 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - Reg Error: Value error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-220523388-682003330-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-220523388-682003330-839522115-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [zanukilora] C:\WINDOWS\System32\godanihe.DLL File not found
O4 - HKU\S-1-5-20..\Run: [zanukilora] C:\WINDOWS\System32\godanihe.DLL File not found
O4 - HKU\S-1-5-21-220523388-682003330-839522115-1003..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2009/06/30 15:54:54 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Nicholas\Start Menu\Programs\Startup\AutorunsDisabled [2009/06/24 09:05:31 | 00,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-682003330-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-682003330-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\ddcYoMeC: DllName - ddcYoMeC.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/22 12:05:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/13 19:44:59 | 00,136,448 | R--- | M] (Sports Interactive) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/07/25 18:10:55 | 00,000,027 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{87237924-573e-11de-9342-0017318a69b3}\Shell\AutoRun\command - "" = I:\WDSetup.exe -- File not found
O33 - MountPoints2\{cf246904-685d-11dd-9bc7-000f3dae4e2a}\Shell - "" = AutoRun
O33 - MountPoints2\{cf246904-685d-11dd-9bc7-000f3dae4e2a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf246904-685d-11dd-9bc7-000f3dae4e2a}\Shell\AutoRun\command - "" = I:\AUTORUN.EXE -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/07/01 20:03:11 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe
[2009/07/01 19:51:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\gmer
[2009/07/01 19:51:06 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\gmer.zip
[2009/07/01 19:50:11 | 00,001,432 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\DelDomains.inf
[2009/06/30 15:54:54 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2009/06/29 18:21:23 | 00,003,387 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\Attach.rar
[2009/06/24 09:05:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Nicholas\Start Menu\Programs\Startup\AutorunsDisabled
[2009/06/24 08:49:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/24 08:49:04 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/24 08:49:03 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/24 08:49:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/19 09:16:26 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\NICHOLAS HOUGHTON.doc
[2009/06/16 15:20:02 | 00,013,018 | ---- | C] () -- C:\Documents and Settings\Nicholas\Desktop\NICHOLAS HOUGHTON.docx
[2009/06/15 03:01:05 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/06/13 14:28:13 | 00,000,000 | ---D | C] -- C:\Program Files\XLink Kai
[2009/06/13 07:34:15 | 00,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2009/06/13 07:34:09 | 00,583,680 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2009/06/13 07:34:09 | 00,438,272 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dll
[2009/06/13 07:34:08 | 00,011,783 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009/06/13 07:34:08 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2870.bin
[2009/06/13 07:34:05 | 00,000,000 | ---D | C] -- C:\Program Files\Planex
[2009/06/13 07:33:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Application Data\InstallShield
[2009/06/12 11:48:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicholas\Desktop\The Great Gatsby - F.S.Fitzgerald (Audiobook)
[2009/06/10 18:52:52 | 00,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Peggle.lnk
[2009/06/10 18:52:45 | 00,000,000 | ---D | C] -- C:\Program Files\Peggle
[2009/06/07 14:23:06 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/07 14:22:48 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/07 14:19:56 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/04/14 13:53:46 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/04/11 18:57:22 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/11 18:57:19 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/11 18:57:18 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/11 18:57:17 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/11 18:57:17 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/30 11:19:00 | 01,266,776 | -HS- | C] () -- C:\WINDOWS\System32\okuwotun.ini
[2008/09/29 15:12:13 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/07/23 17:50:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 17:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 17:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/06/08 00:19:42 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/06/03 11:44:55 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/06/01 11:06:05 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/05/23 18:34:44 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/05/23 17:10:19 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/05/23 17:10:19 | 00,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/05/23 17:10:17 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/05/23 17:10:17 | 00,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/05/23 16:41:48 | 00,014,842 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/05/23 16:41:42 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/05/22 12:42:10 | 00,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/05/22 12:42:10 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/06/24 01:20:02 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2001/08/23 17:00:00 | 00,000,661 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 17:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[2009/07/01 20:03:16 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicholas\Desktop\OTL.exe
[2009/07/01 20:00:00 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\bdnnisho.job
[2009/07/01 19:54:56 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/07/01 19:54:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/01 19:53:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/01 19:52:19 | 05,919,160 | -H-- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\IconCache.db
[2009/07/01 19:52:01 | 00,000,661 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/01 19:52:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/01 19:52:01 | 00,000,223 | RHS- | M] () -- C:\boot.ini
[2009/07/01 19:51:08 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\gmer.zip
[2009/07/01 19:50:12 | 00,001,432 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\DelDomains.inf
[2009/07/01 11:48:03 | 37,609,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/01 11:48:03 | 00,002,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/30 14:25:31 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/29 18:21:24 | 00,003,387 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Attach.rar
[2009/06/29 17:55:22 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/27 13:19:53 | 00,066,048 | ---- | M] () -- C:\Documents and Settings\Nicholas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/25 18:51:06 | 00,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/06/25 18:06:10 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk41.sys
[2009/06/24 13:16:58 | 00,432,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/24 13:16:58 | 00,076,864 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/24 13:16:58 | 00,003,638 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/23 08:12:19 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/06/22 00:03:45 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/06/19 09:16:27 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\NICHOLAS HOUGHTON.doc
[2009/06/18 14:49:12 | 00,013,018 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\NICHOLAS HOUGHTON.docx
[2009/06/17 11:49:16 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/16 15:08:47 | 00,002,523 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\Microsoft Office Word 2007.lnk
[2009/06/13 07:34:15 | 00,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2009/06/12 21:11:39 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.INI
[2009/06/12 19:28:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/12 11:47:26 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/10 18:52:52 | 00,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peggle.lnk
[2009/06/10 12:38:05 | 01,561,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/10 08:06:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/07 14:23:06 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
< End of report >




EXTRAS

OTL Extras logfile created on: 01/07/2009 20:04:48 - Run 1
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\Nicholas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.63 Gb Available in Paging File | 90.72% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 36.97 Gb Free Space | 15.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICK
Current User Name: Nicholas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"12178:TCP" = 12178:TCP:*:Enabled:BitComet 12178 TCP
"12178:UDP" = 12178:UDP:*:Enabled:BitComet 12178 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/06/12 11:46:39 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/06/17 11:49:15 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
[2009/02/15 14:21:04 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2007/08/07 18:28:40 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- H:\PSP\GAME150\CSPSP 1.56 SOURCE\CSPSP-S Server\CSPSPServer.exe:*:Enabled:CSPSPServer
[2008/07/20 01:42:22 | 00,643,072 | ---- | M] () -- C:\Documents and Settings\Nicholas\Desktop\PSP\CSPSP-S Server\CSPSPServer.exe:*:Enabled:CSPSPServer
[2009/04/17 03:30:12 | 12,438,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
File not found -- C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008
File not found -- C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe:*:Disabled:Football Manager 2009 Demo
File not found -- C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek
[2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe:*:Enabled:aawservice
[2009/02/28 09:54:35 | 28,364,800 | ---- | M] (Sports Interactive) -- C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009
[2008/12/16 15:41:12 | 00,060,632 | ---- | M] () -- C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service
File not found -- C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
[2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/06/13 02:34:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2009/04/20 15:57:40 | 01,719,496 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
[2009/04/15 14:43:38 | 00,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
[2009/04/25 06:27:50 | 00,636,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2008/07/20 00:08:56 | 02,469,888 | ---- | M] (http://www.teamxlink.co.uk (Team XLink)) -- C:\Program Files\XLink Kai\kaiEngine.exe:*:Enabled:XLink Kai Engine
[2009/05/30 12:30:22 | 14,073,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Documents and Settings\Nicholas\Desktop\pftwin\testports.exe:*:Enabled:testports


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2773B836-AC66-4178-A414-C5A0F9F5D805}" = XLink Kai
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2FD9998F-B3F3-10D6-A31E-8E021337EC0B}" = CCC Help English
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32BBD344-47DB-7027-7E1D-13DB78415784}" = ccc-core-preinstall
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A098C87-FA43-E81C-B206-4E0ADF7287B5}" = ccc-utility
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{74FCFEA6-7447-4BDB-BFEC-FF195AA62A13}" = ANIWZCS Service
"{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus Xtreme G
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = GW-USMini2N
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AE86AE81-CD7F-496F-A39F-0210C985E71B}" = FM Modifier 2.24
"{B0889CBC-F889-A895-4EE9-8E0260C7D63F}" = Catalyst Control Center HydraVision Full
"{B10A4ACC-118A-8E9D-2CF3-A19BBC73B9C2}" = Catalyst Control Center Graphics Full Existing
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B31CBE94-F497-9273-5766-DD4E11AA2D55}" = Catalyst Control Center Graphics Full New
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA60C8FC-6712-5116-231C-6C5E05060866}" = Catalyst Control Center Graphics Light
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C1EDC38F-2760-4A4E-9CED-95B53024134C}" = VersionTracker Pro Windows
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB654885-263B-E696-5690-3B341C22EC17}" = Catalyst Control Center Core Implementation
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0520079-4024-8B23-738F-EC0792AA3502}" = ccc-core-static
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB62FD97-DAA9-BEE9-1A31-3A47E33F4E24}" = Catalyst Control Center Graphics Previews Common
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"360Xploder" = Xbox360 Xploder Cheatsaves
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"Belarc Advisor" = Belarc Advisor 7.2
"DriverAgent.exe" = DriverAgent by TouchStone Software
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"FMRo Premiership / La Liga Graphic Pack" = FMRo Premiership / La Liga Graphic Pack
"Football Manager 2009" = Football Manager 2009
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.5 Full
"LimeWire" = LimeWire PRO 4.14.3
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.3 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft DirectX SDK (November 2008)" = Microsoft DirectX SDK (November 2008)
"mIRC" = mIRC
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orbit_is1" = Orbit Downloader
"PeerGuardian_is1" = PeerGuardian 2.0
"Peggle" = Peggle (remove only)
"Smart Defrag_is1" = Smart Defrag 1.11
"SystemRequirementsLab" = System Requirements Lab
"Unlocker" = Unlocker 1.8.7
"Update Service" = Update Service
"Veetle TV" = Veetle TV 0.9.14
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"XPort 360_is1" = XPort 360

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/02/2009 08:18:26 | Computer Name = NICK | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 04/03/2009 09:38:05 | Computer Name = NICK | Source = Windows Live Messenger | ID = 1000
Description =

Error - 05/03/2009 19:28:15 | Computer Name = NICK | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libvlc.dll,
version 0.0.0.0, fault address 0x0001177f.

Error - 09/03/2009 18:32:05 | Computer Name = NICK | Source = MsiInstaller | ID = 11316
Description = Product: Windows Live Sign-in Assistant -- Error 1316. A network error
occurred while attempting to read from the file: C:\WINDOWS\TEMP\IXP000.TMP\Install_{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}.msi

Error - 30/03/2009 16:26:52 | Computer Name = NICK | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 12/04/2009 14:50:06 | Computer Name = NICK | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 12/04/2009 17:25:53 | Computer Name = NICK | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 12/04/2009 17:29:50 | Computer Name = NICK | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 14/04/2009 16:22:46 | Computer Name = NICK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5512, fault address 0x00059297.

[ OSession Events ]
Error - 10/05/2009 14:06:37 | Computer Name = NICK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10604
seconds with 240 seconds of active time. This session ended with a crash.

Error - 10/05/2009 14:06:54 | Computer Name = NICK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/05/2009 14:07:17 | Computer Name = NICK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/06/2009 11:01:46 | Computer Name = NICK | Source = ati2mtag | ID = 43034
Description = Unknown EDID version

Error - 13/06/2009 02:35:42 | Computer Name = NICK | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000F3DAE4E2A. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 13/06/2009 02:48:36 | Computer Name = NICK | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000F3DAE4E2A. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 13/06/2009 05:33:32 | Computer Name = NICK | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{980BADA7-C70B-4430-A9E7-2011328A776D}
because another computer on the network has the same name. The server could not
start.

Error - 15/06/2009 07:37:39 | Computer Name = NICK | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000F3DAE4E2A. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 20/06/2009 08:34:24 | Computer Name = NICK | Source = WMPNetworkSvc | ID = 866333
Description = Proximity detection failed due to unknown error '0x80004004'. The
best proximity time detected was -1 milliseconds.

Error - 24/06/2009 16:10:39 | Computer Name = NICK | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.

Error - 29/06/2009 14:07:08 | Computer Name = NICK | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0090CCC90D72. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 29/06/2009 14:58:35 | Computer Name = NICK | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{D089DD4E-8F71-4F25-8CBE-B2AB29DB7A86}
because another computer on the network has the same name. The server could not
start.

Error - 29/06/2009 16:22:02 | Computer Name = NICK | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0090CCC90D72. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >

#9 John Paintsil

John Paintsil
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 01 July 2009 - 03:15 PM

Also the GMER did not have any warnings... I also followed your orders to press OK, but it just closed - not sure what to do.

Malwarebytes has found no infections either.

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:36 PM

Posted 01 July 2009 - 03:26 PM

Can you try and run Gmer again please.

If it fails again we'll use an other rootkit tool. :thumbup2:
Posted Image
m0le is a proud member of UNITE

#11 John Paintsil

John Paintsil
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 02 July 2009 - 02:06 AM

GMER pulled through this time :thumbup2:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-02 07:56:20
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spko.sys ZwCreateKey [0xB9EA80E0]
SSDT spko.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spko.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spko.sys ZwOpenKey [0xB9EA80C0]
SSDT spko.sys ZwQueryKey [0xB9EC7108]
SSDT spko.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spko.sys ZwSetValueKey [0xB9EC719A]

INT 0x62 ? 8AD50BF8
INT 0x63 ? 8AD50BF8
INT 0x63 ? 8AD50BF8
INT 0x63 ? 8AD50BF8
INT 0x74 ? 8AAC2BF8
INT 0x74 ? 8AAC2BF8
INT 0x74 ? 8AAC2BF8
INT 0x74 ? 8AAC2BF8
INT 0x74 ? 8AAC2BF8
INT 0x74 ? 8AAC2BF8
INT 0x82 ? 8AD50BF8

---- Kernel code sections - GMER 1.0.15 ----

? spko.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B97A98AC 5 Bytes JMP 8AAC21D8
.text ao69fd7f.SYS B9304384 1 Byte [20]
.text ao69fd7f.SYS B9304384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text ao69fd7f.SYS B93043AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text ao69fd7f.SYS B93043C4 3 Bytes [00, 00, 00]
.text ao69fd7f.SYS B93043C9 1 Byte [00]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spko.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spko.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spko.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spko.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spko.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spko.sys
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\ao69fd7f.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AD4F1F8
Device \FileSystem\Fastfat \FatCdrom 8988C1F8
Device \FileSystem\Udfs \UdfsCdRom 8A954500
Device \FileSystem\Udfs \UdfsDisk 8A954500

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 8AAC11F8
Device \Driver\usbuhci \Device\USBPDO-1 8AAC11F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ACE01F8
Device \Driver\dmio \Device\DmControl\DmConfig 8ACE01F8
Device \Driver\dmio \Device\DmControl\DmPnP 8ACE01F8
Device \Driver\dmio \Device\DmControl\DmInfo 8ACE01F8
Device \Driver\usbuhci \Device\USBPDO-2 8AAC11F8
Device \Driver\sptd \Device\715061708 spko.sys
Device \Driver\usbuhci \Device\USBPDO-3 8AAC11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{32A0B162-3A69-428A-B7E4-3CDB2F3BD6EC} 8A82D500
Device \Driver\usbehci \Device\USBPDO-4 8AA941F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8AD511F8
Device \Driver\Cdrom \Device\CdRom0 8AAD81F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{980BADA7-C70B-4430-A9E7-2011328A776D} 8A82D500
Device \Driver\Cdrom \Device\CdRom1 8AAD81F8
Device \Driver\Cdrom \Device\CdRom2 8AAD81F8
Device \Driver\Cdrom \Device\CdRom3 8AAD81F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A82D500
Device \Driver\NetBT \Device\NetbiosSmb 8A82D500
Device \Driver\PCI_PNP7958 \Device\0000004d spko.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8AAC11F8
Device \Driver\usbuhci \Device\USBFDO-1 8AAC11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A8F7500
Device \Driver\usbuhci \Device\USBFDO-2 8AAC11F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A8F7500
Device \Driver\usbuhci \Device\USBFDO-3 8AAC11F8
Device \Driver\Ftdisk \Device\FtControl 8AD511F8
Device \Driver\usbehci \Device\USBFDO-4 8AA941F8
Device \Driver\ao69fd7f \Device\Scsi\ao69fd7f1Port5Path0Target0Lun0 8AA301F8
Device \Driver\ao69fd7f \Device\Scsi\ao69fd7f1 8AA301F8
Device \FileSystem\Fastfat \Fat 8988C1F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A93D3E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x58 0x63 0xE0 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0x55 0x3F 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5C 0x5C 0xA9 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x25 0x5B 0x1A 0x69 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x58 0x63 0xE0 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0x55 0x3F 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5C 0x5C 0xA9 0x2F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x25 0x5B 0x1A 0x69 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x58 0x63 0xE0 0x48 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0x55 0x3F 0x16 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5C 0x5C 0xA9 0x2F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x25 0x5B 0x1A 0x69 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xA5 0x2C 0x0A 0xA8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{f2ff2474-0dc7-442a-a992-a4b5ed5e221a}@Model 314
Reg HKLM\SOFTWARE\Classes\CLSID\{f2ff2474-0dc7-442a-a992-a4b5ed5e221a}@Therad 20
Reg HKLM\SOFTWARE\Classes\CLSID\{f2ff2474-0dc7-442a-a992-a4b5ed5e221a}@MData 0xCB 0x9B 0xAD 0xEF ...

---- EOF - GMER 1.0.15 ----

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:36 PM

Posted 02 July 2009 - 04:58 PM

Okay, John Paintsil,

Gmer is clean as were the scans before it.

Are you still experiencing any symptoms other than a slow system?

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to your desktop (click file, save as) as fixit.reg In the same open notepad, at the bottom select:(filetype = any).

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcYoMeC]

NOTICE: This file was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.

Please also post new DDS logs.

Thanks :thumbup2:

Edited by m0le, 02 July 2009 - 05:04 PM.

Posted Image
m0le is a proud member of UNITE

#13 John Paintsil

John Paintsil
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 03 July 2009 - 04:29 AM

The fixit.reg thing was successful. Possibly my pc is running slow due to hardware? Some of my hardware is outdated i.e. motherboard and processor. But then again when I installed other hardware it was working fine. It is only recently it is going slower. Who knows...

#14 John Paintsil

John Paintsil
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 03 July 2009 - 04:30 AM

DDS report


DDS (Ver_09-06-26.01) - NTFSx86
Run by Nicholas at 10:26:30.95 on 03/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2927.2197 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Planex\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Nicholas\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.speedbit.com/
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {074c1dc5-9320-4a9a-947d-c042949c6216} - ContributeBHO Class
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} -
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [D-Link AirPlus Xtreme G] c:\program files\d-link\airplus xtreme g\AirPlusCFG.exe
mRun: [ANIWZCSService] c:\program files\alpha networks\aniwzcs service\WZCSLDR.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [EPSON Stylus Photo R340 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\nicholas\startm~1\programs\startup\autorunsdisabled\magicdisc.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autorunsdisabled\planex wireless utility.lnk - c:\program files\planex\common\RaUI.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: avgrsstx.dll ,
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nicholas\applic~1\mozilla\firefox\profiles\0anids1g.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\nicholas\application data\mozilla\firefox\profiles\0anids1g.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\nicholas\application data\mozilla\firefox\profiles\0anids1g.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-22 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-22 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-22 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-12 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-12 298776]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\planex\common\RalinkRegistryWriter.exe [2009-6-13 69632]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2003-10-22 547744]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-1-26 10976]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-5-28 36928]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-6-13 583680]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-9-25 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-9-25 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-9-25 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-9-25 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-9-25 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-9-25 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-9-25 97704]
S3 xport360_usb_v2;xport360_usb_v2;c:\windows\system32\drivers\xport360_usb_v2.sys [2009-3-7 29184]

=============== Created Last 30 ================

2009-07-02 17:26 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-07-02 17:26 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-06-24 08:49 <DIR> --d----- c:\program files\Trend Micro
2009-06-24 08:49 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 08:49 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-24 08:49 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-13 14:28 <DIR> --d----- c:\program files\XLink Kai
2009-06-13 07:34 376,832 a------- c:\windows\system32\AegisI5Installer.exe
2009-06-13 07:34 21,361 a------- c:\windows\system32\drivers\AegisP.sys
2009-06-13 07:34 583,680 a------- c:\windows\system32\drivers\rt2870.sys
2009-06-13 07:34 438,272 a------- c:\windows\system32\RaCoInst.dll
2009-06-13 07:34 11,783 a------- c:\windows\system32\RaCoInst.dat
2009-06-13 07:34 4,096 a------- c:\windows\system32\drivers\rt2870.bin
2009-06-13 07:34 <DIR> --d----- c:\program files\Planex
2009-06-10 18:52 <DIR> --d----- c:\program files\Peggle
2009-06-07 14:22 <DIR> --d----- c:\program files\iPod

==================== Find3M ====================

2009-06-25 18:06 36,928 a------- c:\windows\system32\drivers\pssdk41.sys
2009-06-12 11:47 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-10 09:53 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-10 09:53 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-29 03:18 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-04-29 03:17 335,872 a------- c:\windows\system32\ati2dvag.dll
2009-04-29 03:07 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-04-29 03:06 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-04-29 03:06 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-04-29 03:06 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-04-29 03:06 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-04-29 03:04 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-04-29 03:03 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-04-29 03:00 311,296 a------- c:\windows\system32\atiiiexx.dll
2009-04-29 02:56 2,997,536 a------- c:\windows\system32\ati3duag.dll
2009-04-29 02:45 11,603,968 a------- c:\windows\system32\atioglxx.dll
2009-04-29 02:42 2,687,872 a------- c:\windows\system32\ativvaxx.dll
2009-04-29 02:26 49,664 a------- c:\windows\system32\atimpc32.dll
2009-04-29 02:26 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-04-29 02:22 479,232 a------- c:\windows\system32\atikvmag.dll
2009-04-29 02:20 45,056 a------- c:\windows\system32\aticalrt.dll
2009-04-29 02:20 45,056 a------- c:\windows\system32\aticalcl.dll
2009-04-29 02:20 135,168 a------- c:\windows\system32\atiadlxx.dll
2009-04-29 02:19 17,408 a------- c:\windows\system32\atitvo32.dll
2009-04-29 02:18 3,280,896 a------- c:\windows\system32\aticaldd.dll
2009-04-29 02:17 303,104 a------- c:\windows\system32\atiok3x2.dll
2009-04-29 02:13 630,784 a------- c:\windows\system32\ati2cqag.dll
2009-04-28 21:05 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-09-02 11:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090220080903\index.dat

============= FINISH: 10:27:13.06 ===============

Attached Files



#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:36 PM

Posted 03 July 2009 - 04:45 AM

I'm starting to think this is not a malware issue John Paintsil. However, there was definitely traces of malware in your log before. This is now not present in the DDS log.

Let's run an online scan to do a final check.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users