
Can't connect to internet except for in safe mode


  • This topic is locked
21 replies to this topic

#1 afella

afella

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Location:MO
  • Local time:12:48 PM

Posted 11 July 2009 - 11:43 AM

Hi,

After opening a fake link I was taken to a site that instantly attacked my computer. Immediately I got a barrage of popups for "spyware removers" and fake antivirus scan reports. The virus also changed my desktop and then began to force shut down everything on the comp bar itself. I couldn't open the internet or run any programs, nor could I force close the virus program because Windows Task Manager was disabled.

I rebooted in safe mode, which worked, and ran a quick and full scan with Malwarebytes. (I posted those logs at the very bottom of the thread also.) After that, the computer seemed OK and I could open programs and whatnot, but my internet is now not functioning. I have tried every browser available and my wireless box is telling me I have connectivity, but websites are taking infinitely long to load up. Safe mode's internet is working, but the speed on that is snailing slow for some reason. (Dunno if that's related.) I'm guessing I didn't completely get rid of all traces of the virus...

Anyone have any ideas?


-----------------------
DDS LOG
-----------------------

-------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by p at 11:26:46.25 on Sat 07/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2477 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS.0\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS.0\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS.0\Explorer.EXE
svchost
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Antivirus Spyware package\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows.0\system32\ctfmon.exe
uRun: [VistaStartMenu] "c:\program files\vista start menu\VistaStartMenu.exe"
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\documents and settings\p\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\p\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1.0\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - f:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - f:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\p\applic~1\mozilla\firefox\profiles\9p2a3ryq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\p\application data\mozilla\firefox\profiles\9p2a3ryq.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\p\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows.0\system32\drivers\Lbd.sys [2009-6-2 64160]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows.0\system32\drivers\avgtdix.sys [2009-3-5 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows.0\system32\drivers\avgldx86.sys [2009-3-5 335752]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows.0\system32\drivers\avgmfx86.sys [2009-3-5 27784]
S1 SASDIFSV;SASDIFSV;f:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
S1 SASKUTIL;SASKUTIL;f:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
S1 sFxdrv;sFxdrv;c:\program files\sfx\sfX.sYs [2009-7-10 9472]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-5 907032]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-5 298776]
S2 gupdate1c98675578702b2;Google Update Service (gupdate1c98675578702b2);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S2 sfx;sfx;c:\windows.0\system32\SvchoSt.ExE -k sfx [2008-4-14 14336]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-12-1 33752]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
S3 SASENUM;SASENUM;f:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]

=============== Created Last 30 ================

2009-07-10 12:57 <DIR> --d----- c:\program files\sFX
2009-07-10 12:57 1 a------- c:\windows.0\934fdfg34fgjf23
2009-07-07 19:48 <DIR> --d-h--- c:\docume~1\alluse~1.0\applic~1\{0E8E33D8-193A-414A-A909-0F101A142D26}
2009-07-07 19:04 <DIR> --d----- c:\program files\Stardock Games
2009-07-04 13:10 <DIR> --d----- c:\program files\common files\Autodesk Shared
2009-07-04 13:01 <DIR> --d----- c:\program files\backburner 2
2009-07-01 10:48 <DIR> --d----- c:\windows.0\pss
2009-06-29 09:20 <DIR> --d----- c:\windows.0\system32\KB905474
2009-06-28 21:00 <DIR> -cd----- c:\windows.0\system32\dllcache\cache
2009-06-28 20:39 <DIR> a-dshr-- C:\cmdcons
2009-06-28 20:35 161,792 a------- c:\windows.0\SWREG.exe
2009-06-28 20:35 155,136 a------- c:\windows.0\PEV.exe
2009-06-28 20:35 98,816 a------- c:\windows.0\sed.exe
2009-06-26 20:51 <DIR> --d----- c:\docume~1\p\applic~1\Wormux
2009-06-24 21:21 <DIR> --d----- c:\documents and settings\p\Trillian
2009-06-22 15:13 <DIR> --d----- c:\docume~1\alluse~1.0\applic~1\AVG Security Toolbar
2009-06-20 17:17 189,288 a------- c:\windows.0\system32\PnkBstrB.xtr
2009-06-20 17:16 3,273,512 a------- c:\windows.0\system32\pbsvc.exe
2009-06-20 13:22 <DIR> --d----- c:\docume~1\alluse~1.0\applic~1\AA3DeployClient
2009-06-19 10:25 <DIR> --d----- c:\program files\Atari
2009-06-18 10:46 <DIR> --d----- c:\program files\Groove Games
2009-06-16 17:09 593,920 -------- c:\windows.0\system32\ati2sgag.exe
2009-06-16 17:08 <DIR> --d----- C:\ATI

==================== Find3M ====================

2009-07-10 10:23 335,752 a------- c:\windows.0\system32\drivers\avgldx86.sys
2009-07-04 11:35 43,520 a------- c:\windows.0\system32\CmdLineExt03.dll
2009-06-22 15:12 11,952 a------- c:\windows.0\system32\avgrsstx.dll
2009-06-21 11:56 137,888 a------- c:\windows.0\system32\drivers\PnkBstrK.sys
2009-06-21 11:56 189,288 a------- c:\windows.0\system32\PnkBstrB.exe
2009-06-20 17:16 139,152 a------- c:\docume~1\p\applic~1\PnkBstrK.sys
2009-06-20 17:16 75,064 a------- c:\windows.0\system32\PnkBstrA.exe
2009-06-17 11:27 38,160 a------- c:\windows.0\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows.0\system32\drivers\mbam.sys
2009-06-09 06:46 15,688 a------- c:\windows.0\system32\lsdelete.exe
2009-06-01 20:55 721,904 a------- c:\windows.0\system32\drivers\sptd.sys
2009-05-21 11:33 410,984 a------- c:\windows.0\system32\deploytk.dll
2009-05-15 22:58 4,069,888 a------- c:\windows.0\system32\drivers\ati2mtag.sys
2009-05-15 22:39 442,368 a------- c:\windows.0\system32\ATIDEMGX.dll
2009-05-15 22:38 335,872 a------- c:\windows.0\system32\ati2dvag.dll
2009-05-15 22:18 204,800 a------- c:\windows.0\system32\atipdlxx.dll
2009-05-15 22:17 155,648 a------- c:\windows.0\system32\Oemdspif.dll
2009-05-15 22:17 26,112 a------- c:\windows.0\system32\Ati2mdxx.exe
2009-05-15 22:17 43,520 a------- c:\windows.0\system32\ati2edxx.dll
2009-05-15 22:17 155,648 a------- c:\windows.0\system32\ati2evxx.dll
2009-05-15 22:15 602,112 a------- c:\windows.0\system32\ati2evxx.exe
2009-05-15 22:14 53,248 a------- c:\windows.0\system32\ATIDDC.DLL
2009-05-15 22:07 2,987,136 a------- c:\windows.0\system32\ati3duag.dll
2009-05-15 21:55 11,423,744 a------- c:\windows.0\system32\atioglxx.dll
2009-05-15 21:54 2,122,624 a------- c:\windows.0\system32\ativvaxx.dll
2009-05-15 21:54 887,724 a------- c:\windows.0\system32\ativva6x.dat
2009-05-15 21:51 311,296 a------- c:\windows.0\system32\atiiiexx.dll
2009-05-15 21:38 49,664 a------- c:\windows.0\system32\atimpc32.dll
2009-05-15 21:38 49,664 a------- c:\windows.0\system32\amdpcom32.dll
2009-05-15 21:33 479,232 a------- c:\windows.0\system32\atikvmag.dll
2009-05-15 21:31 139,264 a------- c:\windows.0\system32\atiadlxx.dll
2009-05-15 21:31 17,408 a------- c:\windows.0\system32\atitvo32.dll
2009-05-15 21:30 53,248 a------- c:\windows.0\system32\drivers\ati2erec.dll
2009-05-15 21:26 376,832 a------- c:\windows.0\system32\atiok3x2.dll
2009-05-15 21:24 651,264 a------- c:\windows.0\system32\ati2cqag.dll
2009-05-15 20:35 45,056 a------- c:\windows.0\system32\aticalrt.dll
2009-05-15 20:34 45,056 a------- c:\windows.0\system32\aticalcl.dll
2009-05-15 20:33 3,158,016 a------- c:\windows.0\system32\aticaldd.dll
2009-05-07 10:32 345,600 a------- c:\windows.0\system32\localspl.dll
2009-05-05 14:33 118,784 a------- c:\windows.0\system32\atibtmon.exe
2009-04-28 23:46 666,624 a------- c:\windows.0\system32\wininet.dll
2009-04-28 23:46 81,920 a------- c:\windows.0\system32\ieencode.dll
2009-04-23 14:04 189,051 a------- c:\windows.0\system32\atiicdxx.dat
2009-04-17 07:26 1,847,168 a------- c:\windows.0\system32\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows.0\system32\rpcrt4.dll
2008-04-14 06:42 1,695,232 a--sh--- c:\windows.0\vistamizer\old\msmsgs.exe

============= FINISH: 11:27:06.01 ===============



--------------------------------
MBAM LOG - QUICK SCAN
--------------------------------

Malwarebytes' Anti-Malware 1.38
Database version: 2360
Windows 5.1.2600 Service Pack 3

7/10/2009 1:22:52 PM
mbam-log-2009-07-10 (13-22-52).txt

Scan type: Quick Scan
Objects scanned: 119831
Time elapsed: 11 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 9
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcmstub (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pcmstub (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcmstub (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\13958124 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\13958124 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users.windows.0\application data\13958124\13958124 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users.windows.0\application data\13958124\13958124.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS.0\system32\pcmstub.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\p\local settings\temp\lko0ij8uyhg8ujuyt6hu7gnvc43.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\documents and settings\p\local settings\temp\lko0ij8uyhg8ujuyt6hu7gnvc44.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\p\local settings\temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\pp10.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS.0\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS.0\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS.0\system32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ld12.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\tpsaxyd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
c:\documents and settings\p\Local Settings\temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS.0\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\p\Local Settings\temp\b.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS.0\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS.0\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS.0\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\p\Local Settings\temp\db.exe (Trojan.Downloader) -> Quarantined and deleted successfully.



----------------------------
MBAM LOG - FULL SCAN
----------------------------

Malwarebytes' Anti-Malware 1.38
Database version: 2360
Windows 5.1.2600 Service Pack 3

7/10/2009 11:14:40 PM
mbam-log-2009-07-10 (23-14-40).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 773153
Time elapsed: 5 hour(s), 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{da7e40e6-3af2-4a46-874c-c70276e5fac2}\RP255\A0071580.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{da7e40e6-3af2-4a46-874c-c70276e5fac2}\RP255\A0071581.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{da7e40e6-3af2-4a46-874c-c70276e5fac2}\RP273\A0076675.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{da7e40e6-3af2-4a46-874c-c70276e5fac2}\RP273\A0076676.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{da7e40e6-3af2-4a46-874c-c70276e5fac2}\RP273\A0076677.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{da7e40e6-3af2-4a46-874c-c70276e5fac2}\RP273\A0076679.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
f:\system volume information\_restore{da7e40e6-3af2-4a46-874c-c70276e5fac2}\RP270\A0074657.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Edited by afella, 11 July 2009 - 11:45 AM.
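A parser for the MBAM log format posted above, added here as an example; it is not part of the original thread and not Malwarebytes' own tooling. It reads the summary counts, the section headers and each detection line, then reports the items still marked "Delete on reboot" (detections MBAM could not remove while Windows was running), cross-checks the declared counts against the entries actually listed, and pulls out the Security Center `*DisableNotify` values that were tampered with. The embedded log is a constructed excerpt: a trimmed copy of the quick-scan log in this post, kept in its original line format so the parser runs offline.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and summarize what it removed."""
import re
from collections import Counter

# Constructed excerpt: a trimmed copy of the quick-scan log posted in this
# thread, kept in the original line format so the parser runs offline.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.38
Database version: 2360
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 119831
Time elapsed: 11 minute(s), 40 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 3
Registry Data Items Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcmstub (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS.0\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS.0\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Summary block: "<section> Infected: <n>"; section header: "<section> Infected:";
# detection line: "<item> (<family>) -> <action>."
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

PENDING = "Delete on reboot"  # MBAM's wording for an item it could not remove live


def parse_mbam_log(text):
    """Return (declared_counts, entries).

    declared_counts maps section name -> count from the summary block. Each
    entry is a dict with section, item, family, action (the final step) and
    detail (any intermediate step, e.g. 'Bad: (1) Good: (0)').
    """
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # unrecognised line inside a section: skip rather than guess
        steps = [s.strip() for s in m["action"].split("->")]
        entries.append({"section": section, "item": m["item"], "family": m["family"],
                        "action": steps[-1], "detail": " -> ".join(steps[:-1])})
    return declared, entries


def summarize(text):
    """Cross-check the log and pull out what a responder wants to know first."""
    declared, entries = parse_mbam_log(text)
    found = Counter(e["section"] for e in entries)
    # A section whose declared count differs from the entries listed under it
    # (a truncated paste, for instance) shows up here.
    mismatches = {s: (n, found.get(s, 0)) for s, n in declared.items() if n != found.get(s, 0)}
    pending = [e["item"] for e in entries if e["action"].startswith(PENDING)]
    # Security Center *DisableNotify values set to 1 suppress the AV/firewall/update
    # warnings; MBAM records the tampered value as 'Bad: (1)'.
    security_center = [e["item"].rsplit("\\", 1)[-1] for e in entries
                       if e["family"] == "Disabled.SecurityCenter"]
    return {"declared": declared, "found": dict(found), "mismatches": mismatches,
            "pending_reboot": pending, "families": Counter(e["family"] for e in entries),
            "security_center": security_center}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full logs in this post, the "pending_reboot" list is what to re-check after the next restart, and any non-empty "mismatches" means the pasted log is not the whole file.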



#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:48 PM

Posted 19 July 2009 - 03:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 afella

afella
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Location:MO
  • Local time:12:48 PM

Posted 20 July 2009 - 12:09 PM

Hi,

I'm still here with the same problem, thank you for getting back to me. I understand how busy you guys are - within 24 hrs of posting this topic, my topic was bumped back to page 24 in the forum!! You guys rock!

So I still have the same problem, but I have an update: I noticed that my firewall is disabled and greyed out and I cannot reactivate it. I also got an error report from AVG saying the program cannot auto-update AVG because some key file used for the auto-update has been removed. So I guess this was the virus that did all this. Also, dunno if it's important, but in safe mode Firefox is still running unbelievably slow, but Google Chrome runs at normal speed. Dunno if it makes a difference; just wanna give you guys as much info as possible.

Here is an updated DDS scan:

------------------------
UPDATED DDS LOG
------------------------

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by p at 11:57:35.64 on Mon 07/20/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2697 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS.0\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS.0\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS.0\Explorer.EXE
svchost
C:\Documents and Settings\p\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\p\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
F:\Antivirus Spyware package\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows.0\system32\ctfmon.exe
uRun: [VistaStartMenu] "c:\program files\vista start menu\VistaStartMenu.exe"
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\documents and settings\p\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\p\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1.0\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - f:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - f:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\p\applic~1\mozilla\firefox\profiles\9p2a3ryq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\p\application data\mozilla\firefox\profiles\9p2a3ryq.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\p\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows.0\system32\drivers\Lbd.sys [2009-6-2 64160]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows.0\system32\drivers\avgtdix.sys [2009-3-5 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows.0\system32\drivers\avgldx86.sys [2009-3-5 335752]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows.0\system32\drivers\avgmfx86.sys [2009-3-5 27784]
S1 SASDIFSV;SASDIFSV;f:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
S1 SASKUTIL;SASKUTIL;f:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
S1 sFxdrv;sFxdrv;c:\program files\sfx\sfX.sYs [2009-7-10 9472]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-5 907032]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-5 298776]
S2 gupdate1c98675578702b2;Google Update Service (gupdate1c98675578702b2);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S2 sfx;sfx;c:\windows.0\system32\SvchoSt.ExE -k sfx [2008-4-14 14336]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-12-1 33752]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
S3 SASENUM;SASENUM;f:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]

=============== Created Last 30 ================

2009-07-14 17:42 43,520 a------- c:\windows.0\system32\CmdLineExt03.dll
2009-07-12 16:24 4,096 a------- c:\windows.0\system32\crash
2009-07-10 12:57 <DIR> --d----- c:\program files\sFX
2009-07-10 12:57 1 a------- c:\windows.0\934fdfg34fgjf23
2009-07-07 19:48 <DIR> --d-h--- c:\docume~1\alluse~1.0\applic~1\{0E8E33D8-193A-414A-A909-0F101A142D26}
2009-07-07 19:04 <DIR> --d----- c:\program files\Stardock Games
2009-07-04 13:10 <DIR> --d----- c:\program files\common files\Autodesk Shared
2009-07-04 13:01 <DIR> --d----- c:\program files\backburner 2
2009-07-01 10:48 <DIR> --d----- c:\windows.0\pss
2009-06-29 09:20 <DIR> --d----- c:\windows.0\system32\KB905474
2009-06-28 21:00 <DIR> -cd----- c:\windows.0\system32\dllcache\cache
2009-06-28 20:39 <DIR> a-dshr-- C:\cmdcons
2009-06-28 20:35 161,792 a------- c:\windows.0\SWREG.exe
2009-06-28 20:35 155,136 a------- c:\windows.0\PEV.exe
2009-06-28 20:35 98,816 a------- c:\windows.0\sed.exe
2009-06-26 20:51 <DIR> --d----- c:\docume~1\p\applic~1\Wormux
2009-06-24 21:21 <DIR> --d----- c:\documents and settings\p\Trillian
2009-06-22 15:13 <DIR> --d----- c:\docume~1\alluse~1.0\applic~1\AVG Security Toolbar
2009-06-20 17:17 189,288 a------- c:\windows.0\system32\PnkBstrB.xtr
2009-06-20 17:16 3,273,512 a------- c:\windows.0\system32\pbsvc.exe
2009-06-20 13:22 <DIR> --d----- c:\docume~1\alluse~1.0\applic~1\AA3DeployClient

==================== Find3M ====================

2009-07-15 21:18 413,696 a------- c:\windows.0\system32\wrap_oal.dll
2009-07-15 21:18 110,592 a------- c:\windows.0\system32\OpenAL32.dll
2009-07-12 18:11 98,304 a------- c:\windows.0\system32\CmdLineExt.dll
2009-07-10 10:23 335,752 a------- c:\windows.0\system32\drivers\avgldx86.sys
2009-06-22 15:12 11,952 a------- c:\windows.0\system32\avgrsstx.dll
2009-06-21 11:56 137,888 a------- c:\windows.0\system32\drivers\PnkBstrK.sys
2009-06-21 11:56 189,288 a------- c:\windows.0\system32\PnkBstrB.exe
2009-06-20 17:16 139,152 a------- c:\docume~1\p\applic~1\PnkBstrK.sys
2009-06-20 17:16 75,064 a------- c:\windows.0\system32\PnkBstrA.exe
2009-06-19 10:17 169,998 a------- c:\windows.0\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-06-17 11:27 38,160 a------- c:\windows.0\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows.0\system32\drivers\mbam.sys
2009-06-09 06:46 15,688 a------- c:\windows.0\system32\lsdelete.exe
2009-06-01 20:55 721,904 a------- c:\windows.0\system32\drivers\sptd.sys
2009-05-21 11:33 410,984 a------- c:\windows.0\system32\deploytk.dll
2009-05-15 22:39 442,368 a------- c:\windows.0\system32\ATIDEMGX.dll
2009-05-15 22:38 335,872 a------- c:\windows.0\system32\ati2dvag.dll
2009-05-15 22:18 204,800 a------- c:\windows.0\system32\atipdlxx.dll
2009-05-15 22:17 155,648 a------- c:\windows.0\system32\Oemdspif.dll
2009-05-15 22:17 26,112 a------- c:\windows.0\system32\Ati2mdxx.exe
2009-05-15 22:17 43,520 a------- c:\windows.0\system32\ati2edxx.dll
2009-05-15 22:17 155,648 a------- c:\windows.0\system32\ati2evxx.dll
2009-05-15 22:15 602,112 a------- c:\windows.0\system32\ati2evxx.exe
2009-05-15 22:14 53,248 a------- c:\windows.0\system32\ATIDDC.DLL
2009-05-15 22:07 2,987,136 a------- c:\windows.0\system32\ati3duag.dll
2009-05-15 21:55 11,423,744 a------- c:\windows.0\system32\atioglxx.dll
2009-05-15 21:54 2,122,624 a------- c:\windows.0\system32\ativvaxx.dll
2009-05-15 21:54 887,724 a------- c:\windows.0\system32\ativva6x.dat
2009-05-15 21:51 311,296 a------- c:\windows.0\system32\atiiiexx.dll
2009-05-15 21:38 49,664 a------- c:\windows.0\system32\atimpc32.dll
2009-05-15 21:38 49,664 a------- c:\windows.0\system32\amdpcom32.dll
2009-05-15 21:33 479,232 a------- c:\windows.0\system32\atikvmag.dll
2009-05-15 21:31 139,264 a------- c:\windows.0\system32\atiadlxx.dll
2009-05-15 21:31 17,408 a------- c:\windows.0\system32\atitvo32.dll
2009-05-15 21:26 376,832 a------- c:\windows.0\system32\atiok3x2.dll
2009-05-15 21:24 651,264 a------- c:\windows.0\system32\ati2cqag.dll
2009-05-15 21:05 593,920 -------- c:\windows.0\system32\ati2sgag.exe
2009-05-15 20:35 45,056 a------- c:\windows.0\system32\aticalrt.dll
2009-05-15 20:34 45,056 a------- c:\windows.0\system32\aticalcl.dll
2009-05-15 20:33 3,158,016 a------- c:\windows.0\system32\aticaldd.dll
2009-05-07 10:32 345,600 a------- c:\windows.0\system32\localspl.dll
2009-05-05 14:33 118,784 a------- c:\windows.0\system32\atibtmon.exe
2009-04-28 23:46 666,624 a------- c:\windows.0\system32\wininet.dll
2009-04-28 23:46 81,920 a------- c:\windows.0\system32\ieencode.dll
2009-04-23 14:04 189,051 a------- c:\windows.0\system32\atiicdxx.dat
2008-04-14 06:42 1,695,232 a--sh--- c:\windows.0\vistamizer\old\msmsgs.exe

============= FINISH: 11:58:03.28 ===============



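The service and created-file entries in the DDS log above are what a helper reads to spot the infection: the `sfX.sYs` driver, the `SvchoSt.ExE -k sfx` service and the one-byte `934fdfg34fgjf23` file under the Windows directory. As an added example that is not part of this thread or of the DDS tool, the Python below parses those two sections and applies three defender-side triage heuristics: mixed-case file extensions, svchost service groups outside an analyst-maintained allow-list (the allow-list contents are an assumption), and random-looking file names. The sample lines are copied from the log posted above.

```python
import re

# Service/driver lines in the "SERVICES / DRIVERS" section of a DDS log:
#   S2 sfx;sfx;c:\windows.0\system32\SvchoSt.ExE -k sfx [2008-4-14 14336]
#   <state> <service name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(
    r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([\d-]+)\s+(\d+)\]\s*$")

# "Created Last 30" lines:
#   2009-07-10 12:57 1 a------- c:\windows.0\934fdfg34fgjf23
#   <date> <time> <size or <DIR>> <attributes> <path>
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(<DIR>|[\d,]+)\s+(\S{8})\s+(.+?)\s*$")

# Shared-process (svchost -k) groups expected on a Windows XP box. This is an
# analyst-maintained allow-list (assumption), not something DDS reports.
KNOWN_SVCHOST_GROUPS = {"dcomlaunch", "rpcss", "netsvcs", "networkservice",
                        "localservice", "imgsvc", "termsvcs", "httpfilter"}

# First "name.ext" token of an image path, e.g. ("SvchoSt", "ExE").
BASENAME_RE = re.compile(r"([^\\\s]+)\.([A-Za-z]{2,4})(?=\s|$)")


def parse_service(line):
    """Split one service/driver line into its fields, or None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, name, display, image, date, size = m.groups()
    return {"state": state, "name": name, "display": display,
            "image": image, "date": date, "size": int(size)}


def mixed_case_extension(image):
    """True for extensions like .sYs or .ExE. Windows ignores case, so the odd
    casing gains a legitimate installer nothing but defeats naive exact-string
    blocklists, which is why it is a useful triage signal."""
    m = BASENAME_RE.search(image)
    if not m:
        return False
    ext = m.group(2)
    return not (ext.islower() or ext.isupper())


def unknown_svchost_group(image):
    """Return the -k group name if the service is hosted by svchost.exe under a
    group that is not on the allow-list, else None."""
    m = re.search(r"svchost\.exe\s+-k\s+(\S+)", image, re.IGNORECASE)
    if m and m.group(1).lower() not in KNOWN_SVCHOST_GROUPS:
        return m.group(1)
    return None


def looks_random(name):
    """Heuristic for generated names such as 934fdfg34fgjf23: long, no
    extension, mixes letters and digits, and has almost no vowels."""
    if len(name) < 10 or "." in name or name.startswith("{"):
        return False
    letters = [c for c in name if c.isalpha()]
    digits = [c for c in name if c.isdigit()]
    if not letters or not digits:
        return False
    vowels = sum(c.lower() in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.2


def triage(log_text):
    """Scan service and created-file lines; return (subject, reason) pairs."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc:
            if mixed_case_extension(svc["image"]):
                findings.append((svc["name"], "mixed-case extension in image path"))
            group = unknown_svchost_group(svc["image"])
            if group:
                findings.append((svc["name"], f"svchost group '{group}' not on allow-list"))
            continue
        m = CREATED_RE.match(line)
        if m:
            path = m.group(4)
            basename = path.rsplit("\\", 1)[-1]
            if looks_random(basename):
                findings.append((path, "random-looking file name"))
    return findings


# Constructed sample: a handful of lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows.0\system32\drivers\Lbd.sys [2009-6-2 64160]
S1 sFxdrv;sFxdrv;c:\program files\sfx\sfX.sYs [2009-7-10 9472]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-5 298776]
S2 sfx;sfx;c:\windows.0\system32\SvchoSt.ExE -k sfx [2008-4-14 14336]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
2009-07-14 17:42 43,520 a------- c:\windows.0\system32\CmdLineExt03.dll
2009-07-10 12:57 <DIR> --d----- c:\program files\sFX
2009-07-10 12:57 1 a------- c:\windows.0\934fdfg34fgjf23
2009-07-04 13:01 <DIR> --d----- c:\program files\backburner 2
2009-06-29 09:20 <DIR> --d----- c:\windows.0\system32\KB905474
"""

if __name__ == "__main__":
    for subject, reason in triage(SAMPLE_LOG):
        print(f"{subject}: {reason}")
```

Run as-is it reports four findings on the sample: the sFxdrv driver and the sfx service for their mixed-case extensions, the sfx service again for its unknown svchost group, and the 934fdfg34fgjf23 file. These are triage aids, not verdicts; legitimate software occasionally trips the vowel-ratio check, so every hit still needs a human look, which is what the helpers in this thread are doing with the full log.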

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:07:48 PM

Posted 23 July 2009 - 08:53 AM

Hello and welcome to BleepingComputer.com! :thumbup2:

I will be helping you today. :) If you still need help, please let me know by replying to this thread. :)

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 afella

afella
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Location:MO
  • Local time:12:48 PM

Posted 23 July 2009 - 09:17 AM

Hello _temp_,

Yep, I'm still here and still in need of help. I have not made any changes to my computer since my last DDS log. I am tracking this topic now.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:07:48 PM

Posted 23 July 2009 - 09:52 AM

Heya,

glad to hear you're still here and sorry for the delay. :thumbup2:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards _temp_



#7 afella

afella
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Location:MO
  • Local time:12:48 PM

Posted 23 July 2009 - 10:16 PM

I'm writing this reply from my browser, running in normal mode! :thumbup2: Looks like ComboFix fixed the problem. :) The steps I have taken since running ComboFix are I have just updated my AVG since I could not do so before, and I just re-enabled my firewall, which seems to be fixed again. Thank you so much _temp_. Should I take any further steps? Here's the ComboFix log results below...

--------------------------
ComboFix Log
---------------------------

ComboFix 09-07-23.02 - p 07/23/2009 21:25.4.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2312 [GMT -5:00]
Running from: c:\documents and settings\p\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\p\My Documents\ArmA Other Profiles\Paul\missions\GloriaEngVer\Missions\Gloria_8_1.Sara\shok\_desktop.ini
c:\documents and settings\p\My Documents\ArmA Other Profiles\Paul\missions\GloriaEngVer\Missions\Gloria_8_1.Sara\sound\_desktop.ini
c:\documents and settings\p\My Documents\ArmA Other Profiles\Paul\missions\GloriaEngVer\Missions\Gloria_8_2.Sara\shok\_desktop.ini
c:\documents and settings\p\My Documents\ArmA Other Profiles\Paul\missions\GloriaEngVer\Missions\Gloria_8_2.Sara\sound\_desktop.ini
c:\program files\sFX
c:\program files\sFX\SfX.DlL
c:\program files\sFX\sfX.sYs
c:\windows.0\934fdfg34fgjf23
c:\windows.0\Install.txt
c:\windows.0\run.log
c:\windows.0\system32\wbem\proquota.exe
c:\windows.0\TEMP\logishrd\LVPrcInj01.dll
c:\windows\Installer\16c27.msi
c:\windows\Installer\182f2e.msi
c:\windows\Installer\19c1a5.msi
c:\windows\Installer\19c1ab.msi
c:\windows\Installer\19c1b1.msi
c:\windows\Installer\19c1b7.msi
c:\windows\Installer\19c1bd.msi
c:\windows\Installer\19c1c3.msi
c:\windows\Installer\19c1c9.msi
c:\windows\Installer\19c1cf.msi
c:\windows\Installer\19c1d5.msi
c:\windows\Installer\19c1db.msi
c:\windows\Installer\19c1e1.msi
c:\windows\Installer\19c1e7.msi
c:\windows\Installer\19c1ed.msi
c:\windows\Installer\19c1f3.msi
c:\windows\Installer\19c1f9.msi
c:\windows\Installer\19c1ff.msi
c:\windows\Installer\19c205.msi
c:\windows\Installer\19c20b.msi
c:\windows\Installer\19c211.msi
c:\windows\Installer\19c217.msi
c:\windows\Installer\19c21d.msi
c:\windows\Installer\19c223.msi
c:\windows\Installer\19c229.msi
c:\windows\Installer\19c22f.msi
c:\windows\Installer\19c235.msi
c:\windows\Installer\19c23b.msi
c:\windows\Installer\19c241.msi
c:\windows\Installer\19c247.msi
c:\windows\Installer\19c24d.msi
c:\windows\Installer\19c253.msi
c:\windows\Installer\19c259.msi
c:\windows\Installer\19c25f.msi
c:\windows\Installer\19c265.msi
c:\windows\Installer\19c26b.msi
c:\windows\Installer\19c271.msi
c:\windows\Installer\19c277.msi
c:\windows\Installer\19c27d.msi
c:\windows\Installer\19c283.msi
c:\windows\Installer\19c289.msi
c:\windows\Installer\19c28f.msi
c:\windows\Installer\19c295.msi
c:\windows\Installer\19c29b.msi
c:\windows\Installer\19c2a1.msi
c:\windows\Installer\19c2a7.msi
c:\windows\Installer\19c2ad.msi
c:\windows\Installer\19c2b3.msi
c:\windows\Installer\19c2b9.msi
c:\windows\Installer\19c2bf.msi
c:\windows\Installer\19c2c5.msi
c:\windows\Installer\19c2cb.msi
c:\windows\Installer\19c2d1.msi
c:\windows\Installer\19c2d8.msi

c:\windows.0\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_PCMSTUB
-------\Legacy_SFX
-------\Legacy_SFXDRV
-------\Service_sfx
-------\Service_sFxdrv
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.

2009-07-24 01:55 . 2009-07-24 01:55 -------- d-s---w- C:\Combo-Fix
2009-07-23 02:31 . 2009-07-23 02:31 -------- d-----w- c:\documents and settings\p\eee
2009-07-22 00:51 . 1998-07-01 22:40 151552 ----a-w- c:\windows.0\unswat.exe
2009-07-22 00:51 . 1997-06-09 20:47 137728 ----a-w- c:\windows.0\system32\Rdxcom.dll
2009-07-22 00:51 . 1997-06-09 20:00 62976 ----a-w- c:\windows.0\system32\rdxam.dll
2009-07-22 00:51 . 1997-06-09 19:59 188928 ----a-w- c:\windows.0\system32\rdxmmx.dll
2009-07-22 00:51 . 1997-06-09 19:58 185856 ----a-w- c:\windows.0\system32\rdxp5.dll
2009-07-22 00:51 . 1997-06-09 19:54 100352 ----a-w- c:\windows.0\system32\dmix.dll
2009-07-22 00:51 . 1997-06-09 19:57 92160 ----a-w- c:\windows.0\system32\dinoav.dll
2009-07-22 00:51 . 1997-06-09 19:56 78848 ----a-w- c:\windows.0\system32\Dino2d.dll
2009-07-22 00:51 . 1998-06-23 21:16 231936 ----a-w- c:\windows.0\system32\SNWValid.dll
2009-07-22 00:51 . 1998-06-23 21:16 1053184 ----a-w- c:\windows.0\system32\SierraNW.dll
2009-07-22 00:51 . 2009-07-22 00:51 -------- d-----w- c:\program files\Sierra On-Line
2009-07-15 21:32 . 2009-07-23 04:34 -------- d-----w- c:\documents and settings\p\Local Settings\Application Data\Temp
2009-07-14 22:42 . 2009-07-14 22:43 43520 ----a-w- c:\windows.0\system32\CmdLineExt03.dll
2009-07-10 15:23 . 2009-06-22 20:12 327688 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8\update\backup\avgldx86.sys
2009-07-10 15:23 . 2009-06-22 20:12 2052376 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8\update\backup\avgcorex.dll
2009-07-10 15:23 . 2009-06-22 20:12 493336 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8\update\backup\avgtbapi.dll
2009-07-10 15:23 . 2009-06-22 20:12 906520 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8\update\backup\avgemc.exe
2009-07-10 15:23 . 2009-06-22 20:12 3402008 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8\update\backup\avgui.exe
2009-07-10 15:23 . 2009-06-22 20:12 2167576 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8\update\backup\avgresf.dll
2009-07-10 15:23 . 2009-06-22 20:12 337176 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8\update\backup\avglogx.dll
2009-07-10 15:23 . 2009-06-22 20:12 1204504 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8\update\backup\avgabout.dll
2009-07-10 15:23 . 2009-06-22 20:12 829208 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-10 15:23 . 2009-06-22 20:12 3298072 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8\update\backup\setup.exe
2009-07-10 15:22 . 2009-06-22 20:11 1454360 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8\update\backup\avgupd.dll
2009-07-10 15:22 . 2009-06-22 20:11 1085208 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8\update\backup\avgupd.exe
2009-07-08 00:48 . 2009-07-08 00:48 -------- d--h--w- c:\documents and settings\All Users.WINDOWS.0\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2009-07-08 00:48 . 2008-01-18 20:26 2763784 ----a-r- c:\documents and settings\All Users.WINDOWS.0\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
2009-07-08 00:04 . 2009-07-08 00:50 -------- d-----w- c:\program files\Stardock Games
2009-07-04 18:10 . 2009-07-04 18:11 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-07-04 18:01 . 2009-07-04 18:10 -------- d-----w- c:\program files\backburner 2
2009-07-04 18:01 . 2009-07-04 18:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Autodesk
2009-07-03 15:15 . 2009-07-03 15:15 -------- d-----w- c:\program files\Ubisoft
2009-07-01 16:50 . 2009-05-01 21:17 77824 ----a-w- c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2009-07-01 15:29 . 2009-07-01 15:29 -------- d-----w- c:\documents and settings\p\Local Settings\Application Data\AVG Security Toolbar
2009-06-30 15:30 . 2009-06-14 21:07 1004800 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-29 14:20 . 2009-06-29 14:20 -------- d-----w- c:\windows.0\system32\KB905474
2009-06-29 14:20 . 2009-03-11 03:26 1403264 ----a-w- c:\windows.0\system32\KB905474\wganotifypackageinner.exe
2009-06-29 14:20 . 2009-03-11 03:18 453512 ----a-w- c:\windows.0\system32\KB905474\wgasetup.exe
2009-06-27 01:51 . 2009-06-27 02:07 -------- d-----w- c:\documents and settings\p\Application Data\Wormux
2009-06-25 02:21 . 2009-06-25 02:21 -------- d-----w- c:\documents and settings\p\Trillian

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 03:29 . 2009-03-20 16:04 -------- d-----w- c:\documents and settings\p\Application Data\Vista Start Menu
2009-07-22 01:33 . 2008-11-20 20:50 35496 ----a-w- c:\documents and settings\p\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-21 23:40 . 2008-12-04 02:59 98304 ----a-w- c:\windows.0\system32\CmdLineExt.dll
2009-07-21 23:39 . 2008-11-21 17:49 -------- d-----w- c:\program files\Steam
2009-07-18 16:38 . 2008-12-04 18:08 -------- d-----w- c:\program files\EA GAMES
2009-07-18 16:38 . 2008-11-20 03:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 16:11 . 2009-01-16 03:31 -------- d-----w- c:\program files\Bohemia Interactive
2009-07-16 02:18 . 2009-01-28 16:14 413696 ----a-w- c:\windows.0\system32\wrap_oal.dll
2009-07-16 02:18 . 2009-01-28 16:14 110592 ----a-w- c:\windows.0\system32\OpenAL32.dll
2009-07-13 19:00 . 2008-11-20 16:54 -------- d-----w- c:\program files\Trillian
2009-07-13 00:09 . 2009-04-03 00:30 117760 ----a-w- c:\documents and settings\p\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-13 00:03 . 2009-03-14 15:39 1 ----a-w- c:\documents and settings\p\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-11 19:16 . 2008-11-20 19:46 664 ----a-w- c:\windows.0\system32\d3d9caps.dat
2009-07-10 17:44 . 2008-11-20 20:03 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-10 15:23 . 2009-03-05 15:31 335752 ----a-w- c:\windows.0\system32\drivers\avgldx86.sys
2009-07-07 20:47 . 2009-01-30 20:01 -------- d-----w- c:\documents and settings\p\Application Data\LimeWire
2009-07-03 17:41 . 2008-12-20 03:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\FLEXnet
2009-06-30 15:30 . 2009-06-22 20:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\AVG Security Toolbar
2009-06-29 18:37 . 2009-03-05 15:31 -------- d-----w- c:\documents and settings\p\Application Data\AVGTOOLBAR
2009-06-29 18:31 . 2009-03-13 16:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-27 18:15 . 2008-11-20 17:22 -------- d-----w- c:\documents and settings\p\Application Data\Skype
2009-06-27 18:11 . 2009-01-23 16:46 -------- d-----w- c:\program files\Left 4 Dead
2009-06-27 15:25 . 2009-01-24 04:05 -------- d-----w- c:\program files\Garena
2009-06-27 15:21 . 2008-11-20 17:22 -------- d-----w- c:\documents and settings\p\Application Data\skypePM
2009-06-27 15:06 . 2009-03-10 18:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Ubisoft
2009-06-26 14:28 . 2009-04-03 05:06 -------- d-----w- c:\program files\AMP WinOFF
2009-06-25 19:32 . 2008-11-20 17:54 -------- d-----w- c:\program files\Poser 6
2009-06-22 20:12 . 2009-06-22 20:12 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AVGTOOLBAR
2009-06-22 20:12 . 2009-03-05 15:31 11952 ----a-w- c:\windows.0\system32\avgrsstx.dll
2009-06-22 20:12 . 2009-03-05 15:31 27784 ----a-w- c:\windows.0\system32\drivers\avgmfx86.sys
2009-06-22 20:12 . 2009-06-22 20:13 832144 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-21 19:19 . 2008-12-09 23:06 138280 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-21 16:56 . 2008-11-20 20:24 137888 ----a-w- c:\windows.0\system32\drivers\PnkBstrK.sys
2009-06-21 16:56 . 2008-11-20 20:24 189288 ----a-w- c:\windows.0\system32\PnkBstrB.exe
2009-06-20 22:16 . 2008-11-20 20:24 139152 ----a-w- c:\documents and settings\p\Application Data\PnkBstrK.sys
2009-06-20 22:16 . 2008-11-20 20:24 139152 ----a-w- c:\documents and settings\p\Application Data\PnkBstrK.sys
2009-06-20 22:16 . 2009-06-20 22:16 3273512 ----a-w- c:\windows.0\system32\pbsvc.exe
2009-06-20 22:16 . 2008-11-20 20:24 75064 ----a-w- c:\windows.0\system32\PnkBstrA.exe
2009-06-20 21:53 . 2009-06-20 18:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\AA3DeployClient
2009-06-20 01:33 . 2009-02-04 03:04 -------- d-----w- c:\program files\Google
2009-06-19 15:25 . 2009-06-19 15:25 -------- d-----w- c:\program files\Atari
2009-06-19 15:17 . 2009-07-14 00:27 169998 ----a-w- c:\windows.0\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-06-18 17:07 . 2009-06-18 17:07 -------- d--h--r- c:\documents and settings\p\Application Data\SecuROM
2009-06-18 15:46 . 2009-06-18 15:46 -------- d-----w- c:\program files\Groove Games
2009-06-17 16:27 . 2009-03-13 16:45 38160 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2009-06-17 16:27 . 2009-03-13 16:45 19096 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2009-06-16 22:17 . 2009-06-16 22:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\ATI
2009-06-16 22:13 . 2008-11-20 04:16 -------- d-----w- c:\program files\ATI Technologies
2009-06-09 20:57 . 2009-01-30 20:01 -------- d-----w- c:\program files\Java
2009-06-09 20:57 . 2009-06-09 20:57 152576 ----a-w- c:\documents and settings\p\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 11:46 . 2009-06-09 11:46 15688 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-09 11:46 . 2009-06-02 20:45 15688 ----a-w- c:\windows.0\system32\lsdelete.exe
2009-06-09 11:46 . 2009-06-09 11:46 83808 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-09 11:46 . 2009-06-09 11:46 40288 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-09 11:46 . 2009-06-09 11:46 212848 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-07 16:51 . 2009-06-07 16:51 10134 ----a-r- c:\documents and settings\p\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-07 16:51 . 2009-06-07 16:51 -------- d-----w- c:\program files\Microsoft WSE
2009-06-07 16:43 . 2009-03-19 02:38 -------- d-----w- c:\program files\Electronic Arts
2009-06-06 04:02 . 2009-06-06 04:02 -------- d-----w- c:\program files\iTunes
2009-06-06 04:02 . 2009-06-06 04:02 -------- d-----w- c:\program files\iPod
2009-06-06 04:02 . 2008-11-20 16:51 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 04:01 . 2009-06-06 04:00 -------- d-----w- c:\program files\QuickTime
2009-06-06 03:55 . 2009-06-06 03:55 75048 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 01:34 . 2009-03-25 21:39 -------- d-----w- c:\documents and settings\p\Application Data\Mount&Blade
2009-06-03 03:20 . 2009-06-03 03:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-03 03:20 . 2009-06-03 03:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
2009-06-02 11:46 . 2009-06-02 11:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Lavasoft
2009-06-02 11:46 . 2009-06-02 11:46 64160 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-02 11:44 . 2009-06-02 11:44 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS.0\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-02 11:44 . 2009-06-02 11:44 -------- d-----w- c:\program files\Lavasoft
2009-06-02 11:32 . 2009-06-02 11:32 -------- d-----w- c:\program files\Trend Micro
2009-06-02 02:03 . 2008-11-20 20:01 -------- d-----w- c:\documents and settings\p\Application Data\DAEMON Tools
2009-06-02 01:58 . 2009-06-02 01:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\DAEMON Tools Lite
2009-06-02 01:58 . 2009-06-02 01:58 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-02 01:57 . 2009-03-05 15:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\avg8
2009-06-02 01:55 . 2008-11-20 20:01 721904 ----a-w- c:\windows.0\system32\drivers\sptd.sys
2009-06-02 01:55 . 2009-06-02 01:55 -------- d-----w- c:\documents and settings\p\Application Data\DAEMON Tools Lite
2009-05-21 16:33 . 2009-01-30 20:01 410984 ----a-w- c:\windows.0\system32\deploytk.dll
2009-05-16 03:58 . 2008-03-19 02:55 4069888 ----a-w- c:\windows.0\system32\drivers\ati2mtag.sys
2009-05-16 03:39 . 2008-11-20 20:38 442368 ----a-w- c:\windows.0\system32\ATIDEMGX.dll
2009-05-16 03:38 . 2008-03-19 02:03 335872 ----a-w- c:\windows.0\system32\ati2dvag.dll
2009-05-16 03:18 . 2008-03-19 01:54 204800 ----a-w- c:\windows.0\system32\atipdlxx.dll
2009-05-16 03:17 . 2008-03-19 01:54 155648 ----a-w- c:\windows.0\system32\Oemdspif.dll
2009-05-16 03:17 . 2008-03-19 01:54 26112 ----a-w- c:\windows.0\system32\Ati2mdxx.exe
2009-05-16 03:17 . 2008-03-19 01:54 43520 ----a-w- c:\windows.0\system32\ati2edxx.dll
2009-05-16 03:17 . 2008-03-19 01:54 155648 ----a-w- c:\windows.0\system32\ati2evxx.dll
2009-05-16 03:15 . 2008-03-19 01:52 602112 ----a-w- c:\windows.0\system32\ati2evxx.exe
2009-05-16 03:14 . 2008-03-19 01:51 53248 ----a-w- c:\windows.0\system32\ATIDDC.DLL
2009-05-16 03:07 . 2008-03-19 01:42 2987136 ----a-w- c:\windows.0\system32\ati3duag.dll
2009-05-16 02:55 . 2009-05-16 02:55 11423744 ----a-w- c:\windows.0\system32\atioglxx.dll
2009-05-16 02:54 . 2008-03-19 01:35 2122624 ----a-w- c:\windows.0\system32\ativvaxx.dll
2009-05-16 02:54 . 2008-11-20 20:38 887724 ----a-w- c:\windows.0\system32\ativva6x.dat
2009-05-16 02:54 . 2008-11-20 20:38 3 ----a-w- c:\windows.0\system32\ativva5x.dat
2009-05-16 02:51 . 2008-11-20 20:38 311296 ----a-w- c:\windows.0\system32\atiiiexx.dll
2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows.0\system32\atimpc32.dll
2009-05-16 02:38 . 2008-03-19 01:23 49664 ----a-w- c:\windows.0\system32\amdpcom32.dll
2009-05-16 02:33 . 2008-03-19 01:19 479232 ----a-w- c:\windows.0\system32\atikvmag.dll
2009-05-16 02:31 . 2009-05-16 02:31 139264 ----a-w- c:\windows.0\system32\atiadlxx.dll
2009-05-16 02:31 . 2008-03-19 01:17 17408 ----a-w- c:\windows.0\system32\atitvo32.dll
2009-05-16 02:30 . 2008-03-19 01:17 53248 ----a-w- c:\windows.0\system32\drivers\ati2erec.dll
2009-06-24 13:26 . 2008-11-20 04:11 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-04-14 11:42 . 2009-03-20 16:12 1695232 --sha-w- c:\windows.0\VistaMizer\old\msmsgs.exe
.

------- Sigcheck -------

[-] 2008-04-14 05:42 587264 1F796B640B01A277B463E51CF0D79E10 c:\windows.0\system32\user32.dll
[-] 2008-04-14 05:42 587264 1F796B640B01A277B463E51CF0D79E10 c:\windows.0\system32\dllcache\user32.dll
[7] 2008-04-14 05:42 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows.0\VistaMizer\old\user32.dll

[-] 2008-04-14 05:42 547328 A55B8899D2EA2E800061BCFD456E34DC c:\windows.0\system32\winlogon.exe
[-] 2008-04-14 05:42 547328 A55B8899D2EA2E800061BCFD456E34DC c:\windows.0\system32\dllcache\winlogon.exe
[7] 2008-04-14 05:42 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows.0\VistaMizer\old\winlogon.exe

[-] 2008-04-14 05:42 1551872 F3C450A3B0E11A75E86B3E104C79C767 c:\windows.0\explorer.exe
[-] 2008-04-14 05:42 1551872 F3C450A3B0E11A75E86B3E104C79C767 c:\windows.0\system32\dllcache\explorer.exe
[7] 2008-04-14 05:42 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows.0\system32\VITrans\explorer.exe
[-] 2008-04-14 05:42 1423872 6A8B0B64F8D7EBEF70B16FF689C3C76D c:\windows.0\VistaMizer\old\explorer.exe

[-] 2008-04-14 05:42 25088 B5E8782D4AF1B3756F38E11E7C157BBE c:\windows.0\system32\ctfmon.exe
[-] 2008-04-14 05:42 25088 B5E8782D4AF1B3756F38E11E7C157BBE c:\windows.0\system32\dllcache\ctfmon.exe
[7] 2008-04-14 05:42 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows.0\VistaMizer\old\ctfmon.exe

[-] 2008-04-14 05:41 1390080 CB75214525D36F923D3948DA3CD1562D c:\windows.0\system32\comres.dll
[-] 2008-04-14 05:41 1390080 CB75214525D36F923D3948DA3CD1562D c:\windows.0\system32\dllcache\comres.dll
[7] 2008-04-14 05:41 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows.0\VistaMizer\old\comres.dll


[-] 2008-04-14 05:41 724992 8E520CF839F65BC9F5AFB440F27C7593 c:\windows.0\system32\comctl32.dll
[-] 2008-04-14 05:41 724992 8E520CF839F65BC9F5AFB440F27C7593 c:\windows.0\system32\dllcache\comctl32.dll
[7] 2008-04-14 05:41 617472 06F247492BC786CE5C24A23E178C711A c:\windows.0\VistaMizer\old\comctl32.dll
[7] 2001-08-23 14:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 05:42 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2008-07-19 13:37 1614848 649B4101C35E996E1866037C28A5FD42 c:\windows.0\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [2008-04-14 25088]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-03-06 2171392]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-11-23 1247232]
"Google Update"="c:\documents and settings\p\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-06 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-22 1948440]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-14 49152]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows.0\RTHDCPL.exe [2008-05-14 16862720]

c:\documents and settings\p\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- f:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-22 20:12 11952 ----a-w- c:\windows.0\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^p^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\p\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows.0\pss\Logitech . Product Registration.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 Lbd;Lbd;c:\windows.0\system32\drivers\Lbd.sys [6/2/2009 6:46 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows.0\system32\drivers\avgldx86.sys [3/5/2009 10:31 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows.0\system32\drivers\avgtdix.sys [3/5/2009 10:31 AM 108552]
R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/5/2009 10:30 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/5/2009 10:30 AM 298776]
S2 gupdate1c98675578702b2;Google Update Service (gupdate1c98675578702b2);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 10:04 PM 133104]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [12/1/2008 9:29 PM 33752]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1003344]
S3 SASENUM;SASENUM;f:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FD7D8439-9D70-98D4-7DA6-BDA86C33D7AA}]
c:\windows.0\system32:msnmsgr.exe
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows.0\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:46]

2009-06-27 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-07-24 c:\windows.0\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 03:04]

2009-07-23 c:\windows.0\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 03:04]

2009-07-23 c:\windows.0\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-764733703-682003330-1003Core.job
- c:\documents and settings\p\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-14 02:41]

2009-07-23 c:\windows.0\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-764733703-682003330-1003UA.job
- c:\documents and settings\p\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-14 02:41]

2009-07-24 c:\windows.0\Tasks\WGASetup.job
- c:\windows.0\system32\KB905474\wgasetup.exe [2009-06-29 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\9p2a3ryq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\p\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 21:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-764733703-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:35,7e,fc,23,8a,73,95,35,e1,d8,38,2b,45,c6,e9,fa,de,dc,d0,6b,99,e4,1f,
f5,57,d8,1f,fe,41,60,4b,96,ab,5c,2d,8e,7e,2e,06,96,de,1f,68,e2,26,54,3a,0d,\
"??"=hex:e1,92,06,03,2f,b3,c5,a3,f8,99,87,3a,dc,3b,fd,07

[HKEY_USERS\S-1-5-21-1454471165-764733703-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:79,fb,d0,d6,0c,03,6a,b9,f9,2a,55,1e,b1,9d,70,be,cb,43,fc,c2,0a,
88,53,4d,83,9c,70,ef,72,b7,5b,0d,56,f6,f1,d9,b2,c8,38,c1,4d,8b,80,74,4a,ee,\
"rkeysecu"=hex:b1,15,34,a2,e4,ad,16,3b,9e,2e,c8,c7,51,4f,f2,e2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows.0\system32\SETUPAPI.dll
c:\windows.0\system32\sfc_os.dll
f:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows.0\system32\Ati2evxx.dll
c:\windows.0\system32\COMRes.dll
c:\windows.0\system32\cscui.dll

- - - - - - - > 'lsass.exe'(648)
c:\windows.0\system32\setupapi.dll
c:\windows.0\system32\psbase.dll

- - - - - - - > 'explorer.exe'(8172)
c:\windows.0\TEMP\logishrd\LVPrcInj01.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows.0\system32\COMRes.dll
c:\windows.0\System32\cscui.dll
c:\program files\Vista Start Menu\VistaStartMenu.dll
c:\windows.0\system32\SETUPAPI.dll
c:\windows.0\system32\msi.dll
c:\windows.0\system32\NETSHELL.dll
c:\windows.0\system32\credui.dll
c:\windows.0\system32\MSVCP60.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows.0\system32\ati2evxx.exe
c:\windows.0\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows.0\system32\PnkBstrA.exe
c:\windows.0\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows.0\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-24 22:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-24 03:01
ComboFix2.txt 2009-07-01 16:30

Pre-Run: 15,445,647,360 bytes free
Post-Run: 16,844,972,032 bytes free

475 --- E O F --- 2009-07-01 05:17

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 24 July 2009 - 02:21 AM

Hi,

glad to hear that your PC is doing better. :thumbup2:

Can you tell me if you know this folder:

c:\documents and settings\p\eee

Is this a folder you created?

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    :filefind
    proquota.exe
    
    :dir
    c:\documents and settings\p\eee
  • Hit the Look button. Let it finish the scan
  • A log will then pop-up to your Desktop.. Post the content of the log here in your next reply

Do you have a Windows CD at your disposal? We might need it.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 afella

afella
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:MO

Posted 24 July 2009 - 09:57 AM

Hi,

c:\documents and settings\p\eee is not a folder I recognize or created. In fact I have never even noticed it before. I took a look in the folder and it leads to C:\Documents and Settings\p\eee\eee.updater.exe.2\bin and inside there are two files: msvcrt-ruby18.dll and ruby.exe. I have no idea what either of them are.

I do not have a Windows CD at my disposal because I bought this PC off a friend who built it and had already preinstalled Windows. :)

Thanks for your continuing help. :thumbup2: Here is the SystemLook log:

--------------------------
SystemLook Log
-------------------------


SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 09:47 on 24/07/2009 by p (Administrator - Elevation successful)

========== filefind ==========

Searching for "proquota.exe"
C:\WINDOWS.0\VistaMizer\old\proquota.exe --a--- 50176 bytes [16:11 20/03/2009] [05:42 14/04/2008] F6465A2EEF75468988A4FCF124148FA8
C:\WINDOWS\system32\dllcache\proquota.exe --a--c 50176 bytes [05:42 14/04/2008] [05:42 14/04/2008] F6465A2EEF75468988A4FCF124148FA8
C:\WINDOWS\system32\proquota.exe --a--- 50176 bytes [05:42 14/04/2008] [05:42 14/04/2008] F6465A2EEF75468988A4FCF124148FA8

========== dir ==========

c:\documents and settings\p\eee - Parameters: "(none)"

---Files---
None found.

---Folders---
eee.updater.exe.2 d----- [02:31 23/07/2009]

-=End Of File=-

Edited by afella, 24 July 2009 - 09:58 AM.
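
One way to triage ':filefind' output like the log above, as an added example that is not part of the thread and not SystemLook's own code: parse each result line, group every copy of the file name by MD5, and flag copies whose hash disagrees with the Windows File Protection copy under system32\dllcache. It assumes the dllcache copy is the baseline to compare against; the sample log embeds the three proquota.exe lines from the post plus one constructed line with a placeholder all-zero hash so that a mismatch is present.

```python
"""Triage helper for SystemLook ':filefind' output (added example; not part of
the thread and not SystemLook's own code). Every copy of a file name that
SystemLook found is grouped by MD5, and copies whose hash disagrees with the
Windows File Protection cache copy under system32\\dllcache are flagged.
Assumption: the dllcache copy is treated as the baseline. A matching hash only
shows the copies are consistent; it does not prove any of them is clean."""
import re
from collections import defaultdict

# One ':filefind' result line, as printed in the post above:
#   C:\WINDOWS\system32\proquota.exe --a--- 50176 bytes [05:42 14/04/2008] [05:42 14/04/2008] F6465A2E...
# Fields: full path, six-character attribute flags, size, [modified], [created], MD5.
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# Constructed sample log: the three proquota.exe lines from the post, plus one
# constructed line for a fourth copy with a placeholder all-zero MD5 and a
# later modification time, so that a mismatch is present.
SAMPLE_LOG = r"""
SystemLook v1.0 by jpshortstuff (22.05.09)
========== filefind ==========

Searching for "proquota.exe"
C:\WINDOWS.0\VistaMizer\old\proquota.exe --a--- 50176 bytes [16:11 20/03/2009] [05:42 14/04/2008] F6465A2EEF75468988A4FCF124148FA8
C:\WINDOWS\system32\dllcache\proquota.exe --a--c 50176 bytes [05:42 14/04/2008] [05:42 14/04/2008] F6465A2EEF75468988A4FCF124148FA8
C:\WINDOWS\system32\proquota.exe --a--- 50176 bytes [05:42 14/04/2008] [05:42 14/04/2008] F6465A2EEF75468988A4FCF124148FA8
C:\WINDOWS.0\system32\proquota.exe --a--- 50176 bytes [16:11 20/03/2009] [05:42 14/04/2008] 00000000000000000000000000000000
"""


def parse_filefind(log):
    """Return one dict per result line; banner, headers and blanks are skipped."""
    records = []
    for line in log.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["md5"] = rec["md5"].upper()
            rec["size"] = int(rec["size"])
            records.append(rec)
    return records


def hash_divergence(records):
    """Map file name -> paths whose MD5 differs from the dllcache copy.

    If no dllcache copy was found, all copies are reported when they do not
    share a single hash, since there is then no baseline to prefer."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec["path"].rsplit("\\", 1)[-1].lower()].append(rec)

    flagged = {}
    for name, copies in by_name.items():
        baseline = {c["md5"] for c in copies
                    if "\\system32\\dllcache\\" in c["path"].lower()}
        if baseline:
            odd = [c["path"] for c in copies if c["md5"] not in baseline]
        elif len({c["md5"] for c in copies}) > 1:
            odd = [c["path"] for c in copies]
        else:
            odd = []
        if odd:
            flagged[name] = odd
    return flagged


def triage(log=SAMPLE_LOG):
    """Parse a SystemLook log and return the divergence report."""
    return hash_divergence(parse_filefind(log))


if __name__ == "__main__":
    for name, paths in triage().items():
        print(f"{name}: MD5 differs from the dllcache copy at")
        for path in paths:
            print("    " + path)
```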


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 24 July 2009 - 10:46 AM

Hi afella,
It seems as if those files are used for making Ruby scripts executable. As the scripts can be either good or malicious, there is no real way of telling how to deal with this folder.

I would suggest you rename the folder eee to eee.old and if you do not notice any malfunctions in the next couple of days, I think you can safely delete it.

Please run another scan with Systemlook:
  • Double-click the SystemLook and copy/paste the following into the box
    :dir
    C:\windows
    C:\windows.0
    c:\documents and settings\p\Trillian /s
    
    :env
    %windir%
    %systemroot%
  • Hit the Look button. Let it finish the scan
  • A log will then pop-up to your Desktop. The log will probably be pretty long, please attach it to your next reply.
Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • Java™ 6 Update 7
  • Ask Toolbar
  • DAEMON Tools Toolbar
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer


Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case LimeWire). These programmes allow users to share files, as the name suggests. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 afella

afella
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Location:MO
  • Local time:12:48 PM

Posted 24 July 2009 - 11:06 AM

Ok, I've renamed eee to eee.old. I have also uninstalled the following programs which were present - Java™ 6 Update 7 & Limewire. In Add and Remove Programs, it shows I have Ask Toolbar present, but when I try to uninstall it, it pops up an error saying that it is not present. :thumbup2:

Here is the new SystemLook log:


SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 11:02 on 24/07/2009 by p (Administrator - Elevation successful)

========== dir ==========

C:\windows - Parameters: "(none)"

---Files---
0.log --a--- 0 bytes [02:48 20/11/2008] [16:14 20/11/2008]
atiogl.xml -ra--- 12477 bytes [04:17 20/11/2008] [13:48 21/01/2008]
ativpsrm.bin --a--- 0 bytes [04:22 20/11/2008] [04:22 20/11/2008]
bitssetup.log --a--- 1880 bytes [02:44 20/11/2008] [02:44 20/11/2008]
Blue Lace 16.bmp --a--- 1272 bytes [02:41 20/11/2008] [14:00 23/08/2001]
bootstat.dat --a-s- 2048 bytes [02:46 20/11/2008] [16:14 20/11/2008]
cmsetacl.log --a--- 200 bytes [02:39 20/11/2008] [02:39 20/11/2008]
Coffee Bean.bmp --a--- 17062 bytes [02:41 20/11/2008] [14:00 23/08/2001]
comsetup.log --a--- 15895 bytes [20:34 19/11/2008] [02:46 20/11/2008]
control.ini --a--- 0 bytes [02:45 20/11/2008] [02:45 20/11/2008]
desktop.ini --a--- 2 bytes [02:43 20/11/2008] [14:00 23/08/2001]
DtcInstall.log --a--- 130 bytes [02:42 20/11/2008] [02:42 20/11/2008]
explorer.exe --a--- 1033728 bytes [05:42 14/04/2008] [05:42 14/04/2008]
explorer.scf --a--- 80 bytes [14:00 23/08/2001] [14:00 23/08/2001]
FaxSetup.log --a--- 11568 bytes [20:34 19/11/2008] [02:42 20/11/2008]
FeatherTexture.bmp --a--- 16730 bytes [02:41 20/11/2008] [14:00 23/08/2001]
gdrv.sys --a--- 16608 bytes [04:16 20/11/2008] [04:16 20/11/2008]
Gone Fishing.bmp --a--- 17336 bytes [02:41 20/11/2008] [14:00 23/08/2001]
Greenstone.bmp --a--- 26582 bytes [02:41 20/11/2008] [14:00 23/08/2001]
hh.exe --a--- 10752 bytes [05:42 14/04/2008] [05:42 14/04/2008]
iis6.log --a--- 50061 bytes [20:34 19/11/2008] [02:46 20/11/2008]
imsins.log --a--- 4570 bytes [20:34 19/11/2008] [02:46 20/11/2008]
MedCtrOC.log --a--- 1487 bytes [20:34 19/11/2008] [02:42 20/11/2008]
msdfmap.ini --a--- 1405 bytes [14:00 23/08/2001] [14:00 23/08/2001]
msgsocm.log --a--- 871 bytes [20:34 19/11/2008] [02:42 20/11/2008]
MSI30-KB884016.log --a--- 688 bytes [04:17 20/11/2008] [04:17 20/11/2008]
msmqinst.log --a--- 10608 bytes [20:34 19/11/2008] [02:42 20/11/2008]
netfxocm.log --a--- 2790 bytes [20:34 19/11/2008] [02:42 20/11/2008]
NOTEPAD.EXE --a--- 69120 bytes [20:33 19/11/2008] [05:42 14/04/2008]
nsreg.dat --a--- 0 bytes [04:11 20/11/2008] [04:11 20/11/2008]
nsw.log --a--- 288 bytes [03:24 20/11/2008] [03:24 20/11/2008]
ntdtcsetup.log --a--- 7942 bytes [20:34 19/11/2008] [02:46 20/11/2008]
ocgen.log --a--- 15469 bytes [20:34 19/11/2008] [02:42 20/11/2008]
ocmsn.log --a--- 885 bytes [20:34 19/11/2008] [02:46 20/11/2008]
ODBCINST.INI --a--- 4161 bytes [20:33 19/11/2008] [02:45 20/11/2008]
OEWABLog.txt --a--- 833 bytes [02:45 20/11/2008] [02:48 20/11/2008]
Prairie Wind.bmp --a--- 65954 bytes [02:41 20/11/2008] [14:00 23/08/2001]
regedit.exe --a--- 146432 bytes [05:42 14/04/2008] [05:42 14/04/2008]
REGLOCS.OLD --a--- 8192 bytes [02:47 20/11/2008] [02:47 20/11/2008]
regopt.log --a--- 1000 bytes [20:33 19/11/2008] [20:33 19/11/2008]
Rhododendron.bmp --a--- 17362 bytes [02:41 20/11/2008] [14:00 23/08/2001]
River Sumida.bmp --a--- 26680 bytes [02:41 20/11/2008] [14:00 23/08/2001]
Santa Fe Stucco.bmp --a--- 65832 bytes [02:41 20/11/2008] [14:00 23/08/2001]
SchedLgU.Txt --a--- 2188 bytes [02:47 20/11/2008] [04:21 20/11/2008]
sessmgr.setup.log --a--- 1022 bytes [02:42 20/11/2008] [02:42 20/11/2008]
SET3.tmp -ra--- 1296669 bytes [20:33 19/11/2008] [07:40 14/04/2008]
SET4.tmp -ra--- 1088840 bytes [20:33 19/11/2008] [07:34 14/04/2008]
SET8.tmp -ra--- 16535 bytes [20:33 19/11/2008] [07:34 14/04/2008]
setupact.log --a--- 223529 bytes [20:33 19/11/2008] [02:46 20/11/2008]
setupapi.log --a--- 258136 bytes [20:33 19/11/2008] [15:50 20/11/2008]
setuperr.log --a--- 0 bytes [20:33 19/11/2008] [20:33 19/11/2008]
setuplog.txt --a--- 883929 bytes [20:33 19/11/2008] [02:48 20/11/2008]
Soap Bubbles.bmp --a--- 65978 bytes [02:41 20/11/2008] [14:00 23/08/2001]
Sti_Trace.log --a--- 0 bytes [20:36 19/11/2008] [20:36 19/11/2008]
system.ini --a--- 231 bytes [14:00 23/08/2001] [20:33 19/11/2008]
tabletoc.log --a--- 1252 bytes [20:34 19/11/2008] [02:46 20/11/2008]
TASKMAN.EXE --a--- 15360 bytes [20:33 19/11/2008] [14:00 23/08/2001]
tsoc.log --a--- 10866 bytes [20:34 19/11/2008] [02:46 20/11/2008]
twain.dll --a--- 94784 bytes [14:00 23/08/2001] [14:00 23/08/2001]
twain_32.dll --a--- 50688 bytes [05:42 14/04/2008] [05:42 14/04/2008]
twunk_16.exe --a--- 49680 bytes [14:00 23/08/2001] [14:00 23/08/2001]
twunk_32.exe --a--- 25600 bytes [14:00 23/08/2001] [14:00 23/08/2001]
vb.ini --a--- 36 bytes [02:42 20/11/2008] [02:42 20/11/2008]
vbaddin.ini --a--- 37 bytes [02:42 20/11/2008] [02:42 20/11/2008]
vmmreg32.dll --a--- 18944 bytes [14:00 23/08/2001] [14:00 23/08/2001]
wiadebug.log --a--- 401 bytes [20:36 19/11/2008] [20:36 19/11/2008]
wiaservc.log --a--- 50 bytes [20:36 19/11/2008] [20:36 19/11/2008]
win.ini --a--- 477 bytes [14:00 23/08/2001] [02:45 20/11/2008]
WindowsShell.Manifest -rah-- 749 bytes [02:44 20/11/2008] [02:44 20/11/2008]
WindowsUpdate.log --a--- 30666 bytes [02:44 20/11/2008] [16:14 20/11/2008]
winhelp.exe --a--- 256192 bytes [14:00 23/08/2001] [14:00 23/08/2001]
winhlp32.exe --a--- 283648 bytes [05:42 14/04/2008] [05:42 14/04/2008]
winnt.bmp ---hs- 48680 bytes [02:43 20/11/2008] [14:00 23/08/2001]
winnt256.bmp ---hs- 48680 bytes [02:43 20/11/2008] [14:00 23/08/2001]
wmsetup.log --a--- 936 bytes [02:42 20/11/2008] [02:48 20/11/2008]
WMSysPr9.prx --a--- 316640 bytes [02:45 20/11/2008] [02:45 20/11/2008]
Zapotec.bmp --a--- 9522 bytes [02:41 20/11/2008] [14:00 23/08/2001]
_default.pif --a--- 707 bytes [14:00 23/08/2001] [14:00 23/08/2001]

---Folders---
addins d----- [20:28 19/11/2008]
AppPatch d----- [20:28 19/11/2008]
assembly dr--s- [04:17 20/11/2008]
Config d----- [20:28 19/11/2008]
Connection Wizard d----- [20:28 19/11/2008]
Cursors d----- [20:28 19/11/2008]
Debug d----- [20:28 19/11/2008]
Downloaded Program Files d---s- [02:44 20/11/2008]
Driver Cache d----- [20:28 19/11/2008]
ehome d----- [20:28 19/11/2008]
Fonts dr--s- [20:28 19/11/2008]
Help d----- [20:28 19/11/2008]
ime d----- [20:28 19/11/2008]
inf d--h-- [20:28 19/11/2008]
Installer d--hs- [20:33 19/11/2008]
java d----- [20:28 19/11/2008]
L2Schemas d----- [20:28 19/11/2008]
Media d----- [20:28 19/11/2008]
Microsoft.NET d----- [04:17 20/11/2008]
msagent d----- [20:28 19/11/2008]
msapps d----- [20:28 19/11/2008]
mui d----- [20:28 19/11/2008]
Network Diagnostic d----- [20:28 19/11/2008]
NLDRV d----- [20:28 19/11/2008]
Offline Web Pages dr---- [02:44 20/11/2008]
pchealth d----- [20:28 19/11/2008]
PeerNet d----- [20:28 19/11/2008]
Prefetch d----- [02:47 20/11/2008]
Provisioning d----- [20:28 19/11/2008]
Registration d----- [02:42 20/11/2008]
repair d----- [20:28 19/11/2008]
Resources d----- [20:28 19/11/2008]
security d----- [20:28 19/11/2008]
SoftwareDistribution d----- [02:47 20/11/2008]
srchasst d----- [02:43 20/11/2008]
system d----- [20:28 19/11/2008]
system32 d----- [20:28 19/11/2008]
Tasks d---s- [02:43 20/11/2008]
Temp d----- [20:28 19/11/2008]
twain_32 d----- [20:28 19/11/2008]
Web dr---- [20:28 19/11/2008]
WinSxS d----- [20:28 19/11/2008]

C:\windows.0 - Parameters: "(none)"

---Files---
0.log --a--- 0 bytes [16:17 20/11/2008] [14:32 24/07/2009]
Alcmtr.exe -r---- 69632 bytes [18:36 20/11/2008] [01:43 04/05/2005]
alcwzrd.exe -r---- 2808832 bytes [18:36 20/11/2008] [23:26 04/05/2006]
ARJ.PIF --a--- 545 bytes [23:36 05/03/2009] [13:04 08/08/2008]
atiogl.xml --a--- 17917 bytes [20:38 20/11/2008] [06:58 17/04/2009]
ativpsrm.bin --a--- 0 bytes [20:49 20/11/2008] [20:49 20/11/2008]
bitssetup.log --a--- 1880 bytes [16:10 20/11/2008] [16:10 20/11/2008]
BlendSettings.ini --a--- 23 bytes [01:16 07/03/2009] [03:24 25/03/2009]
bootstat.dat --a-s- 2048 bytes [16:13 20/11/2008] [14:31 24/07/2009]
cmsetacl.log --a--- 200 bytes [16:07 20/11/2008] [16:07 20/11/2008]
COM+.log --a--- 2888 bytes [03:40 04/12/2008] [15:03 05/12/2008]
comsetup.log --a--- 133335 bytes [10:04 20/11/2008] [14:20 29/06/2009]
control.ini --a--- 0 bytes [16:11 20/11/2008] [16:11 20/11/2008]
desktop.ini --a--- 2 bytes [16:10 20/11/2008] [14:00 23/08/2001]
DHCPUPG.LOG --a--- 1125 bytes [16:18 20/11/2008] [00:21 14/03/2009]
DirectX.log --a--- 351129 bytes [19:59 20/11/2008] [02:19 16/07/2009]
DtcInstall.log --a--- 130 bytes [16:08 20/11/2008] [16:08 20/11/2008]
explorer.exe --a--- 1551872 bytes [05:42 14/04/2008] [05:42 14/04/2008]
explorer.scf --a--- 80 bytes [14:00 23/08/2001] [14:00 23/08/2001]
FaxSetup.log --a--- 357815 bytes [10:04 20/11/2008] [14:20 29/06/2009]
Fred2.INI --a--- 4511 bytes [23:18 16/01/2009] [23:18 16/01/2009]
game.ini --a--- 319 bytes [20:24 20/11/2008] [20:24 20/11/2008]
gdrv.sys --a--- 16608 bytes [18:33 20/11/2008] [20:35 20/11/2008]
grep.exe --a--- 80412 bytes [02:00 24/07/2009] [13:00 31/08/2000]
hh.exe --a--- 20992 bytes [05:42 14/04/2008] [05:42 14/04/2008]
HideWin.exe --a--- 315392 bytes [18:36 20/11/2008] [18:36 20/11/2008]
Icon_1.ico --a--- 78942 bytes [15:57 20/03/2009] [15:57 20/03/2009]
ie7_main.log --a--- 1195 bytes [17:03 20/11/2008] [17:03 20/11/2008]
ie8_main.log --a--- 23252 bytes [17:45 13/03/2009] [05:17 01/07/2009]
iis6.log --a--- 487976 bytes [10:04 20/11/2008] [14:20 29/06/2009]
imsins.BAK --a--- 1374 bytes [10:04 20/11/2008] [14:20 29/06/2009]
imsins.log --a--- 1374 bytes [10:04 20/11/2008] [14:20 29/06/2009]
IsUninst.exe --a--- 306688 bytes [20:31 14/01/2009] [22:45 29/10/1998]
KB888111.log --a--- 1554 bytes [18:32 20/11/2008] [18:33 20/11/2008]
KB898461.log --a--- 8489 bytes [16:51 20/11/2008] [16:51 20/11/2008]
KB923689.log --a--- 9423 bytes [14:19 29/06/2009] [14:19 29/06/2009]
KB938464.log --a--- 9198 bytes [17:01 20/11/2008] [17:01 20/11/2008]
KB941569.log --a--- 9707 bytes [14:19 29/06/2009] [14:19 29/06/2009]
KB946648.log --a--- 14262 bytes [17:03 20/11/2008] [17:03 20/11/2008]
KB950762.log --a--- 11708 bytes [17:02 20/11/2008] [17:02 20/11/2008]
KB950974.log --a--- 20623 bytes [16:56 20/11/2008] [17:03 20/11/2008]
KB951066.log --a--- 11458 bytes [17:02 20/11/2008] [17:02 20/11/2008]
KB951072-v2.log --a--- 30903 bytes [16:53 20/11/2008] [17:02 20/11/2008]
KB951376-v2.log --a--- 14580 bytes [17:03 20/11/2008] [17:03 20/11/2008]
KB951698.log --a--- 18411 bytes [16:56 20/11/2008] [17:02 20/11/2008]
KB951748.log --a--- 14972 bytes [14:48 13/01/2009] [00:43 14/01/2009]
KB951978.log --a--- 21699 bytes [16:56 20/11/2008] [17:03 20/11/2008]
KB952004.log --a--- 16547 bytes [01:57 29/06/2009] [14:19 29/06/2009]
KB952069.log --a--- 19844 bytes [20:48 11/12/2008] [14:19 29/06/2009]
KB952287.log --a--- 11471 bytes [17:02 20/11/2008] [17:02 20/11/2008]
KB952954.log --a--- 21165 bytes [16:57 20/11/2008] [17:03 20/11/2008]
KB954211.log --a--- 12452 bytes [17:02 20/11/2008] [17:02 20/11/2008]
KB954459.log --a--- 17304 bytes [16:52 20/11/2008] [17:02 20/11/2008]
KB954600.log --a--- 6884 bytes [20:48 11/12/2008] [20:48 11/12/2008]
KB955069.log --a--- 11307 bytes [17:01 20/11/2008] [17:01 20/11/2008]
KB955839.log --a--- 27405 bytes [20:04 11/12/2008] [20:49 11/12/2008]
KB956390.log --a--- 17756 bytes [16:52 20/11/2008] [17:01 20/11/2008]
KB956391.log --a--- 13813 bytes [17:03 20/11/2008] [17:03 20/11/2008]
KB956572.log --a--- 19303 bytes [14:19 29/06/2009] [14:20 29/06/2009]
KB956802.log --a--- 11681 bytes [20:02 11/12/2008] [20:48 11/12/2008]
KB956803.log --a--- 14333 bytes [17:03 20/11/2008] [17:03 20/11/2008]
KB956841.log --a--- 12803 bytes [17:02 20/11/2008] [17:02 20/11/2008]
KB957095.log --a--- 14332 bytes [17:03 20/11/2008] [17:03 20/11/2008]
KB957097.log --a--- 11771 bytes [17:02 20/11/2008] [17:02 20/11/2008]
KB958215.log --a--- 9793 bytes [20:49 11/12/2008] [20:49 11/12/2008]
KB958644.log --a--- 11841 bytes [17:01 20/11/2008] [17:01 20/11/2008]
KB958687.log --a--- 7257 bytes [04:29 15/01/2009] [04:29 15/01/2009]
KB958690.log --a--- 11364 bytes [04:53 11/03/2009] [06:24 11/03/2009]
KB959426.log --a--- 24027 bytes [01:58 29/06/2009] [14:20 29/06/2009]
KB960225.log --a--- 11445 bytes [04:53 11/03/2009] [06:24 11/03/2009]
KB960714.log --a--- 7611 bytes [17:45 18/12/2008] [17:45 18/12/2008]
KB960715.log --a--- 6121 bytes [15:08 12/02/2009] [15:09 12/02/2009]
KB960803.log --a--- 14497 bytes [01:56 29/06/2009] [14:17 29/06/2009]
KB961118.log --a--- 5107 bytes [17:16 25/02/2009] [17:16 25/02/2009]
KB961371.log --a--- 4382 bytes [14:33 24/07/2009] [14:33 24/07/2009]
KB961373.log --a--- 22700 bytes [01:58 29/06/2009] [14:20 29/06/2009]
KB961501.log --a--- 17914 bytes [01:57 29/06/2009] [14:19 29/06/2009]
KB967715.log --a--- 11654 bytes [16:11 25/02/2009] [17:16 25/02/2009]
KB968537.log --a--- 14171 bytes [01:56 29/06/2009] [14:17 29/06/2009]
KB969897.log --a--- 18891 bytes [01:57 29/06/2009] [14:19 29/06/2009]
KB969898.log --a--- 9141 bytes [14:19 29/06/2009] [14:19 29/06/2009]
KB970238.log --a--- 15029 bytes [01:56 29/06/2009] [14:17 29/06/2009]
KB971633.log --a--- 4465 bytes [14:33 24/07/2009] [14:33 24/07/2009]
LHA.PIF --a--- 545 bytes [23:36 05/03/2009] [13:04 08/08/2008]
MedCtrOC.log --a--- 27177 bytes [10:04 20/11/2008] [14:20 29/06/2009]
MicCal.exe -r---- 2165760 bytes [18:36 20/11/2008] [23:44 28/06/2007]
msdfmap.ini --a--- 1405 bytes [14:00 23/08/2001] [14:00 23/08/2001]
msgsocm.log --a--- 19128 bytes [10:04 20/11/2008] [14:20 29/06/2009]
MSI30-KB884016.log --a--- 694 bytes [20:38 20/11/2008] [20:38 20/11/2008]
msmqinst.log --a--- 127686 bytes [10:04 20/11/2008] [14:20 29/06/2009]
msxml4-KB954430-enu.LOG --a--- 315850 bytes [14:09 20/01/2009] [14:09 20/01/2009]
netfxocm.log --a--- 65464 bytes [10:04 20/11/2008] [14:20 29/06/2009]
NIRCMD.exe --a--- 31232 bytes [02:00 24/07/2009] [17:56 20/04/2009]
NLSDownlevelMapping.log --a--- 3383 bytes [17:09 20/03/2009] [17:09 20/03/2009]
NOCLOSE.PIF --a--- 545 bytes [23:36 05/03/2009] [13:04 08/08/2008]
NOTEPAD.EXE --a--- 69120 bytes [10:04 20/11/2008] [05:42 14/04/2008]
nsreg.dat --a--- 0 bytes [16:43 20/11/2008] [16:43 20/11/2008]
nsw.log --a--- 747 bytes [05:24 21/05/2009] [05:25 21/05/2009]
ntbtlog.txt --a--- 777666 bytes [02:55 25/03/2009] [00:43 24/07/2009]
ntdtcsetup.log --a--- 82512 bytes [10:04 20/11/2008] [14:20 29/06/2009]
ocgen.log --a--- 220093 bytes [10:04 20/11/2008] [14:20 29/06/2009]
ocmsn.log --a--- 21144 bytes [10:04 20/11/2008] [14:20 29/06/2009]
ODBCINST.INI --a--- 4249 bytes [10:04 20/11/2008] [16:11 20/11/2008]
OEWABLog.txt --a--- 833 bytes [16:11 20/11/2008] [16:17 20/11/2008]
PEV.exe --a--- 219648 bytes [02:00 24/07/2009] [10:48 13/07/2009]
PKUNZIP.PIF --a--- 545 bytes [23:36 05/03/2009] [13:04 08/08/2008]
PKZIP.PIF --a--- 545 bytes [23:36 05/03/2009] [13:04 08/08/2008]
PowerReg.dat --a--- 0 bytes [00:21 15/01/2009] [00:21 15/01/2009]
RAR.PIF --a--- 545 bytes [23:36 05/03/2009] [13:04 08/08/2008]
regedit.exe --a--- 267264 bytes [05:42 14/04/2008] [05:42 14/04/2008]
REGLOCS.OLD --a--- 8192 bytes [16:16 20/11/2008] [16:16 20/11/2008]
regopt.log --a--- 1008 bytes [10:04 20/11/2008] [10:04 20/11/2008]
resetlog.txt --a--- 4631 bytes [02:41 29/06/2009] [02:41 29/06/2009]
RTHDCPL.exe -r---- 16862720 bytes [18:36 20/11/2008] [01:50 14/05/2008]
RtkUpd.exe --a--- 1196032 bytes [18:37 20/11/2008] [01:27 02/04/2008]
RTLCPL.exe -r---- 9715200 bytes [18:36 20/11/2008] [02:19 24/03/2007]
RtlExUpd.dll -r---- 520192 bytes [18:36 20/11/2008] [01:07 06/03/2008]
RtlUpd.exe -r---- 1196032 bytes [18:37 20/11/2008] [16:27 02/04/2008]
SchedLgU.Txt --a--- 32590 bytes [16:17 20/11/2008] [15:33 24/07/2009]
sed.exe --a--- 98816 bytes [02:00 24/07/2009] [13:00 31/08/2000]
sessmgr.setup.log --a--- 1022 bytes [16:09 20/11/2008] [16:09 20/11/2008]
SET3.tmp -ra--- 1296669 bytes [10:02 20/11/2008] [07:40 14/04/2008]
SET4.tmp -ra--- 1088840 bytes [10:02 20/11/2008] [07:34 14/04/2008]
SET8.tmp -ra--- 16535 bytes [10:02 20/11/2008] [07:34 14/04/2008]
Setup1.exe ------ 249856 bytes [05:11 09/03/2009] [05:11 09/03/2009]
setupact.log --a--- 222740 bytes [10:02 20/11/2008] [02:31 20/06/2009]
setupapi.log --a--- 35084 bytes [14:19 29/06/2009] [01:04 14/07/2009]
setupapi.log.0.old --a--- 3751372 bytes [03:38 14/05/2009] [18:53 27/06/2009]
setuperr.log --a--- 0 bytes [10:02 20/11/2008] [10:02 20/11/2008]
setuplog.txt --a--- 877410 bytes [10:02 20/11/2008] [16:17 20/11/2008]
SIERRA.INI --a--- 288 bytes [00:50 22/07/2009] [00:56 22/07/2009]
SkyTel.exe -r---- 1826816 bytes [18:37 20/11/2008] [01:15 21/11/2007]
SoundMan.exe -r---- 86016 bytes [18:37 20/11/2008] [23:14 21/07/2006]
spupdsvc.log --a--- 3609 bytes [18:52 25/01/2009] [15:22 29/06/2009]
ST6UNST.EXE --a--- 73216 bytes [05:11 09/03/2009] [05:11 09/03/2009]
startup.bmp --a--- 8294454 bytes [16:18 20/03/2009] [16:18 20/03/2009]
Sti_Trace.log --a--- 0 bytes [10:06 20/11/2008] [10:06 20/11/2008]
SWAT.INI --a--- 0 bytes [01:46 22/07/2009] [01:46 22/07/2009]
SWREG.exe --a--- 161792 bytes [02:00 24/07/2009] [13:00 31/08/2000]
SWSC.exe --a--- 136704 bytes [02:00 24/07/2009] [13:00 31/08/2000]
SWXCACLS.exe --a--- 212480 bytes [02:00 24/07/2009] [13:00 31/08/2000]
system.ini --a--- 227 bytes [14:00 23/08/2001] [02:53 24/07/2009]
tabletoc.log --a--- 18046 bytes [10:04 20/11/2008] [14:20 29/06/2009]
TASKMAN.EXE --a--- 15360 bytes [10:04 20/11/2008] [14:00 23/08/2001]
tsoc.log --a--- 181013 bytes [10:04 20/11/2008] [14:20 29/06/2009]
twain.dll --a--- 94784 bytes [14:00 23/08/2001] [14:00 23/08/2001]
twain_32.dll --a--- 50688 bytes [05:42 14/04/2008] [05:42 14/04/2008]
twunk_16.exe --a--- 49680 bytes [14:00 23/08/2001] [14:00 23/08/2001]
twunk_32.exe --a--- 25600 bytes [14:00 23/08/2001] [14:00 23/08/2001]
UC.PIF --a--- 545 bytes [23:36 05/03/2009] [13:04 08/08/2008]
UFO Extraterrestrials Setup Log.txt --a--- 84709 bytes [02:34 07/06/2009] [02:38 07/06/2009]
unswat.exe --a--- 151552 bytes [00:51 22/07/2009] [22:40 01/07/1998]
updspapi.log --a--- 15785 bytes [17:01 20/11/2008] [14:20 29/06/2009]
USetup.iss -r---- 553 bytes [18:43 20/11/2008] [22:18 14/11/2007]
vb.ini --a--- 36 bytes [16:09 20/11/2008] [16:09 20/11/2008]
vbaddin.ini --a--- 37 bytes [16:09 20/11/2008] [16:09 20/11/2008]
vmmreg32.dll --a--- 18944 bytes [14:00 23/08/2001] [14:00 23/08/2001]
WgaNotify.log --a--- 9964 bytes [17:02 20/11/2008] [17:02 20/11/2008]
wiadebug.log --a--- 159 bytes [10:06 20/11/2008] [14:32 24/07/2009]
wiaservc.log --a--- 49 bytes [10:06 20/11/2008] [14:32 24/07/2009]
win.ini --a--- 477 bytes [14:00 23/08/2001] [20:47 01/07/2009]
wincmd.ini --a--- 604 bytes [23:36 05/03/2009] [23:37 05/03/2009]
WindowsShell.Manifest -rah-- 749 bytes [16:11 20/11/2008] [16:11 20/11/2008]
WindowsUpdate.log --a--- 1455242 bytes [16:10 20/11/2008] [16:02 24/07/2009]
winhelp.exe --a--- 256192 bytes [14:00 23/08/2001] [14:00 23/08/2001]
winhlp32.exe --a--- 351232 bytes [05:42 14/04/2008] [05:42 14/04/2008]
wininit.ini --a--- 825 bytes [15:04 03/06/2009] [18:37 10/07/2009]
winnt.bmp ---hs- 48680 bytes [16:10 20/11/2008] [14:00 23/08/2001]
winnt256.bmp ---hs- 48680 bytes [16:10 20/11/2008] [14:00 23/08/2001]
WINNT32.LOG --a--- 736 bytes [16:18 20/11/2008] [00:21 14/03/2009]
wmsetup.log --a--- 33480 bytes [16:08 20/11/2008] [23:08 12/07/2009]
WMSysPr9.prx --a--- 316640 bytes [16:11 20/11/2008] [03:04 20/04/2009]
wsdu.log --a--- 148 bytes [16:18 20/11/2008] [16:18 20/11/2008]
zip.exe --a--- 68096 bytes [02:00 24/07/2009] [13:00 31/08/2000]
_default.pif --a--- 707 bytes [14:00 23/08/2001] [14:00 23/08/2001]

---Folders---
$hf_mig$ d--h-- [16:51 20/11/2008]
$NtServicePackUninstallNLSDownlevelMapping$ d--h-c [17:09 20/03/2009]
$NtUninstallKB898461$ d--h-c [16:51 20/11/2008]
$NtUninstallKB923689$ d--h-c [14:19 29/06/2009]
$NtUninstallKB938464$ d--h-c [17:01 20/11/2008]
$NtUninstallKB941569$ d--h-c [14:19 29/06/2009]
$NtUninstallKB946648$ d--h-c [17:03 20/11/2008]
$NtUninstallKB950762$ d--h-c [17:02 20/11/2008]
$NtUninstallKB950974$ d--h-c [17:02 20/11/2008]
$NtUninstallKB951066$ d--h-c [17:02 20/11/2008]
$NtUninstallKB951072-v2$ d--h-c [17:02 20/11/2008]
$NtUninstallKB951376-v2$ d--h-c [17:03 20/11/2008]
$NtUninstallKB951698$ d--h-c [17:02 20/11/2008]
$NtUninstallKB951748$ d--h-c [00:43 14/01/2009]
$NtUninstallKB951978$ d--h-c [17:03 20/11/2008]
$NtUninstallKB952004$ d--h-c [14:19 29/06/2009]
$NtUninstallKB952069_WM9$ d--h-c [20:48 11/12/2008]
$NtUninstallKB952287$ d--h-c [17:02 20/11/2008]
$NtUninstallKB952954$ d--h-c [17:03 20/11/2008]
$NtUninstallKB954211$ d--h-c [17:02 20/11/2008]
$NtUninstallKB954459$ d--h-c [17:01 20/11/2008]
$NtUninstallKB954600$ d--h-c [20:48 11/12/2008]
$NtUninstallKB955069$ d--h-c [17:01 20/11/2008]
$NtUninstallKB955839$ d--h-c [20:49 11/12/2008]
$NtUninstallKB956390$ d--h-c [17:01 20/11/2008]
$NtUninstallKB956391$ d--h-c [17:03 20/11/2008]
$NtUninstallKB956572$ d--h-c [14:20 29/06/2009]
$NtUninstallKB956802$ d--h-c [20:48 11/12/2008]
$NtUninstallKB956803$ d--h-c [17:03 20/11/2008]
$NtUninstallKB956841$ d--h-c [17:02 20/11/2008]
$NtUninstallKB957095$ d--h-c [17:03 20/11/2008]
$NtUninstallKB957097$ d--h-c [17:02 20/11/2008]
$NtUninstallKB958215$ d--h-c [20:49 11/12/2008]
$NtUninstallKB958644$ d--h-c [17:01 20/11/2008]
$NtUninstallKB958687$ d--h-c [04:29 15/01/2009]
$NtUninstallKB958690$ d--h-c [06:23 11/03/2009]
$NtUninstallKB959426$ d--h-c [14:20 29/06/2009]
$NtUninstallKB960225$ d--h-c [06:24 11/03/2009]
$NtUninstallKB960714$ d--h-c [17:45 18/12/2008]
$NtUninstallKB960715$ d--h-c [15:08 12/02/2009]
$NtUninstallKB960803$ d--h-c [14:17 29/06/2009]
$NtUninstallKB961118$ d--h-c [17:16 25/02/2009]
$NtUninstallKB961373$ d--h-c [14:20 29/06/2009]
$NtUninstallKB961501$ d--h-c [14:19 29/06/2009]
$NtUninstallKB967715$ d--h-c [17:15 25/02/2009]
$NtUninstallKB968537$ d--h-c [14:17 29/06/2009]
$NtUninstallKB969897$ d--h-c [14:19 29/06/2009]
$NtUninstallKB969898$ d--h-c [14:19 29/06/2009]
$NtUninstallKB970238$ d--h-c [14:17 29/06/2009]
addins d----- [09:57 20/11/2008]
AppPatch d----- [09:57 20/11/2008]
assembly dr--s- [20:39 20/11/2008]
Config d----- [09:57 20/11/2008]
Connection Wizard d----- [09:57 20/11/2008]
CSC d--hs- [15:49 20/03/2009]
Cursors d----- [09:57 20/11/2008]
Debug d----- [09:57 20/11/2008]
Downloaded Program Files d---s- [16:11 20/11/2008]
Driver Cache d----- [09:57 20/11/2008]
ehome d----- [09:57 20/11/2008]
ERDNT d----- [20:56 28/06/2009]
Fonts dr--s- [09:57 20/11/2008]
ftpcache d--hs- [20:12 20/11/2008]
G2Runner d----- [00:22 23/12/2008]
Help d----- [09:57 20/11/2008]
ime d----- [09:57 20/11/2008]
inf d--h-- [09:57 20/11/2008]
Installer d--hs- [10:04 20/11/2008]
java d----- [09:57 20/11/2008]
L2Schemas d----- [09:57 20/11/2008]
LastGood d----- [14:33 24/07/2009]
Logs d----- [23:06 09/12/2008]
Media d----- [09:57 20/11/2008]
Microsoft.NET d----- [20:38 20/11/2008]
Minidump d----- [03:25 14/05/2009]
msagent d----- [09:57 20/11/2008]
msapps d----- [09:57 20/11/2008]
mui d----- [09:57 20/11/2008]
Network Diagnostic d----- [09:57 20/11/2008]
NLDRV d----- [09:57 20/11/2008]
Offline Web Pages dr---- [16:11 20/11/2008]
Options d----- [19:15 15/03/2009]
pchealth d----- [09:57 20/11/2008]
PeerNet d----- [09:57 20/11/2008]
PIF d--h-- [19:45 18/04/2009]
Prefetch d----- [16:17 20/11/2008]
Provisioning d----- [09:57 20/11/2008]
pss d----- [15:48 01/07/2009]
RegisteredPackages d----- [02:49 19/03/2009]
Registration d----- [16:09 20/11/2008]
repair d----- [09:57 20/11/2008]
Resources d----- [09:57 20/11/2008]
security d----- [09:57 20/11/2008]
SHELLNEW d----- [00:39 17/12/2008]
SoftwareDistribution d----- [16:17 20/11/2008]
srchasst d----- [16:10 20/11/2008]
Sun d----- [02:36 04/02/2009]
system d----- [09:57 20/11/2008]
system32 d-a--- [09:57 20/11/2008]
Tasks d---s- [16:10 20/11/2008]
Temp d----- [09:57 20/11/2008]
twain_32 d----- [09:57 20/11/2008]
UFO Extraterrestrials d----- [02:35 07/06/2009]
VistaMizer d----- [16:09 20/03/2009]
Web dr---- [09:57 20/11/2008]
WinSxS d----- [09:57 20/11/2008]

c:\documents and settings\p\Trillian - Parameters: "/s"

---Files---
None found.

c:\documents and settings\p\Trillian\User Settings d----- [02:21 25/06/2009]

c:\documents and settings\p\Trillian\User Settings\ *** d----- [02:21 25/06/2009]
aim-contactcache.ini --a--- 2891 bytes [02:22 25/06/2009] [02:22 25/06/2009]
aim.ini --a--- 1849 bytes [02:22 25/06/2009] [03:22 25/06/2009]
av.ini --a--- 53 bytes [03:22 25/06/2009] [03:22 25/06/2009]
Buddies.xml --a--- 14370 bytes [02:22 25/06/2009] [03:22 25/06/2009]
buddy.ini --a--- 908 bytes [02:25 25/06/2009] [03:22 25/06/2009]
Events.xml --a--- 7875 bytes [02:22 25/06/2009] [03:22 25/06/2009]
msn-contactcache.ini --a--- 530 bytes [02:22 25/06/2009] [02:22 25/06/2009]
msn.ini --a--- 816 bytes [02:22 25/06/2009] [03:22 25/06/2009]
plugins.ini --a--- 1030 bytes [02:22 25/06/2009] [03:22 25/06/2009]
proxy.ini --a--- 486 bytes [03:22 25/06/2009] [03:22 25/06/2009]
talk.ini --a--- 3011 bytes [02:22 25/06/2009] [03:22 25/06/2009]
toolkit.ini --a--- 423 bytes [02:22 25/06/2009] [03:22 25/06/2009]
trillian.ini --a--- 1000 bytes [02:22 25/06/2009] [03:22 25/06/2009]
upnp.ini --a--- 8 bytes [03:22 25/06/2009] [03:22 25/06/2009]
Whistler.ini --a--- 3223 bytes [02:22 25/06/2009] [03:22 25/06/2009]
xbuddy.dtd --a--- 341 bytes [02:22 25/06/2009] [03:22 25/06/2009]
xevents.dtd --a--- 41 bytes [02:22 25/06/2009] [03:22 25/06/2009]

c:\documents and settings\p\Trillian\User Settings\ *** \buddyicons d----- [02:22 25/06/2009]
AIM- *** --a--- 2695 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 3780 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 7157 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 5858 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 6574 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 7078 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 1862 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 1242 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 3143 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 1691 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 7148 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 5840 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 7002 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 1384 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** --a--- 6951 bytes [02:22 25/06/2009] [02:22 25/06/2009]
mybuddyicon --a--- 6968 bytes [02:22 25/06/2009] [14:00 23/08/2001]

c:\documents and settings\p\Trillian\User Settings\ *** \buddyicons\assets d----- [02:22 25/06/2009]
AIM- *** .gif --a--- 2695 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** .jpg --a--- 3780 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM *** .jpg --a--- 7157 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** .jpg --a--- 5858 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** .gif --a--- 6574 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** .gif --a--- 7078 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** .jpg --a--- 1862 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** .jpg --a--- 1242 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** .gif --a--- 3143 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** .jpg --a--- 1691 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** .jpg --a--- 7148 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** .gif --a--- 5840 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** .jpg --a--- 7002 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** .jpg --a--- 1384 bytes [02:22 25/06/2009] [02:22 25/06/2009]
AIM- *** .gif --a--- 6951 bytes [02:22 25/06/2009] [02:22 25/06/2009]

c:\documents and settings\p\Trillian\User Settings\ *** \cache d----- [02:22 25/06/2009]

c:\documents and settings\p\Trillian\User Settings\ *** \instantlookup d----- [02:24 25/06/2009]
il.ini --a--- 48 bytes [02:24 25/06/2009] [02:24 25/06/2009]
wiki.dat --a--- 8512276 bytes [16:30 01/02/2005] [16:30 01/02/2005]

c:\documents and settings\p\Trillian\User Settings\ *** \logs d----- [02:22 25/06/2009]

c:\documents and settings\p\Trillian\User Settings\ *** \logs\AIM d----- [02:22 25/06/2009]

c:\documents and settings\p\Trillian\User Settings\anibanan\logs\AIM\Query d----- [02:22 25/06/2009]
*** -assets.xml --a--- 180 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 182 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 198 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 182 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 184 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 184 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 182 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 178 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 186 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 176 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 196 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 190 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 184 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 184 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** -assets.xml --a--- 182 bytes [02:22 25/06/2009] [02:22 25/06/2009]
*** .log --a--- 446 bytes [03:18 25/06/2009] [03:21 25/06/2009]
*** .xml --a--- 1065 bytes [03:18 25/06/2009] [03:21 25/06/2009]

========== env ==========
%windir% = C:\WINDOWS.0
%systemroot% = C:\WINDOWS.0

-=End Of File=-

Edited by _temp_, 24 July 2009 - 12:03 PM.
removed login names
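The SystemLook ":dir" listing above is read by hand in this thread. As an added example (not part of the original post, and not SystemLook's own code), the Python script below parses that listing format and pulls out two kinds of entries a helper would look at first: anything created within the last few days before the scan, and files whose last-modified time is older than their creation time, which is what a file copied or unpacked with its original timestamp preserved looks like. Both are triage hints, not verdicts: tools the helper had you run and ordinary program installs show up the same way. The field order (creation time in the first bracket, last-modified time in the second) is inferred from the log and is an assumption; the sample lines are copied from the C:\windows.0 section posted above.

```python
"""Parse a SystemLook ':dir' listing and flag entries worth a second look.

Added example, not part of the thread or of SystemLook. The bracket order
(created, then last-modified) is assumed from the ordering seen in the log.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample in SystemLook v1.0 format; the entries copy lines
# from the C:\windows.0 listing posted in this thread.
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 11:02 on 24/07/2009 by p (Administrator - Elevation successful)

========== dir ==========

C:\windows.0 - Parameters: "(none)"

---Files---
0.log --a--- 0 bytes [16:17 20/11/2008] [14:32 24/07/2009]
explorer.exe --a--- 1551872 bytes [05:42 14/04/2008] [05:42 14/04/2008]
grep.exe --a--- 80412 bytes [02:00 24/07/2009] [13:00 31/08/2000]
NIRCMD.exe --a--- 31232 bytes [02:00 24/07/2009] [17:56 20/04/2009]
UFO Extraterrestrials Setup Log.txt --a--- 84709 bytes [02:34 07/06/2009] [02:38 07/06/2009]

---Folders---
$hf_mig$ d--h-- [16:51 20/11/2008]
LastGood d----- [14:33 24/07/2009]

========== env ==========
%windir% = C:\WINDOWS.0

-=End Of File=-
"""

TS_FMT = "%H:%M %d/%m/%Y"


def _ts(group: str) -> str:
    """Regex for one '[HH:MM DD/MM/YYYY]' bracket, captured under `group`."""
    return r"\[(?P<" + group + r">\d{2}:\d{2} \d{2}/\d{2}/\d{4})\]"


LOG_TIME_RE = re.compile(r"^Log created at (\d{2}:\d{2}) on (\d{2}/\d{2}/\d{4})")
HEADER_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*?) - Parameters: "')
# file line:   <name> <6 attribute flags> <size> bytes [created] [modified]
FILE_RE = re.compile(r"^(?P<name>.+?) (?P<attr>[-drahsc]{6}) (?P<size>\d+) bytes "
                     + _ts("created") + " " + _ts("modified") + "$")
# folder line: <name> d<5 attribute flags> [created]
DIR_RE = re.compile(r"^(?P<name>.+?) (?P<attr>d[-rahsc]{5}) " + _ts("created") + "$")


@dataclass
class Entry:
    directory: str
    name: str
    attrs: str
    size: Optional[int]           # None for folders
    created: datetime
    modified: Optional[datetime]  # folders carry only one timestamp

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def _parse_ts(text: str) -> datetime:
    return datetime.strptime(text, TS_FMT)


def parse_systemlook(text: str) -> Tuple[Optional[datetime], List[Entry]]:
    """Return (time the log was created, every file/folder entry in it)."""
    log_time: Optional[datetime] = None
    current_dir: Optional[str] = None
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LOG_TIME_RE.match(line)
        if m:
            log_time = _parse_ts(m.group(1) + " " + m.group(2))
            continue
        m = HEADER_RE.match(line)
        if m:
            current_dir = m.group("path")
            continue
        if current_dir is None:
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append(Entry(current_dir, m.group("name"), m.group("attr"),
                                 int(m.group("size")), _parse_ts(m.group("created")),
                                 _parse_ts(m.group("modified"))))
            continue
        m = DIR_RE.match(line)
        if m:
            entries.append(Entry(current_dir, m.group("name"), m.group("attr"),
                                 None, _parse_ts(m.group("created")), None))
            # In a recursive (/s) listing a folder given by full path starts a new section.
            if re.match(r"^[A-Za-z]:\\", m.group("name")):
                current_dir = m.group("name")
    return log_time, entries


def recently_created(entries: List[Entry], scan_time: datetime, days: int = 7) -> List[Entry]:
    """Entries created within `days` before the scan, oldest first."""
    cutoff = scan_time - timedelta(days=days)
    return sorted((e for e in entries if e.created >= cutoff), key=lambda e: e.created)


def mtime_before_ctime(entries: List[Entry], slack: timedelta = timedelta(days=1)) -> List[Entry]:
    """Files whose last-modified time predates their creation time by more than `slack`.
    This is what a copied or unpacked file with its original mtime looks like."""
    return [e for e in entries if e.modified is not None and e.created - e.modified > slack]


if __name__ == "__main__":
    when, items = parse_systemlook(SAMPLE_LOG)
    assert when is not None
    print(f"log created {when:%Y-%m-%d %H:%M}; {len(items)} entries parsed")
    for e in recently_created(items, when):
        print(f"NEW         {e.created:%Y-%m-%d %H:%M}  {e.directory}\\{e.name}")
    for e in mtime_before_ctime(items):
        print(f"OLDER-MTIME {e.directory}\\{e.name}: modified {e.modified:%Y-%m-%d}, "
              f"created {e.created:%Y-%m-%d}")
```

Feed it the whole log rather than the sample and it walks every directory section, including the recursive Trillian one, so the same two lists come out for the full listing. On this machine the entries created on 24/07/2009 with a year-2000 modification time are exactly the kind it surfaces; whether they belong there is for the person reading the log, not the script, to decide.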


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:07:48 PM

Posted 24 July 2009 - 12:31 PM

Hi,

Daemon Toolbar and the Askbar are actually the same thing. It might be causing this error.

Could you please tell me if you can simply copy the file C:\windows\system32\proquota.exe into C:\windows.0\system32:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Navigate to C:\windows\system32 with Explorer. Do a right click on proquota.exe and select Copy.
Browse to C:\windows.0\system32 with Explorer, do a right click on some empty space and select Paste.

If you encounter any problems with these instructions, let me know.

Please also add a new OTL log into your next reply:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
regards _temp_



#13 afella

afella
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Location:MO
  • Local time:12:48 PM

Posted 24 July 2009 - 02:05 PM

Ok, thanks. I copied proquota.exe to C:\WINDOWS.0\system32 as requested. Didn't seem to be any trouble. Then I ran OTL and posted the results below.

----------------------------------------
OTL LOG
----------------------------------------


OTL logfile created on: 7/24/2009 1:53:07 PM - Run 1
OTL by OldTimer - Version 3.0.10.2 Folder = C:\Documents and Settings\p\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 15.66 Gb Free Space | 8.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 667.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 400.86 Gb Total Space | 60.58 Gb Free Space | 15.11% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL
Current User Name: p
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/15 22:15:52 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS.0\System32\Ati2evxx.exe
PRC - [2009/05/15 22:15:52 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS.0\System32\Ati2evxx.exe
PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/04 13:11:02 | 00,068,608 | ---- | M] () -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/20 17:16:04 | 00,075,064 | ---- | M] () -- C:\WINDOWS.0\System32\PnkBstrA.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\System32\wdfmgr.exe
PRC - [2008/04/14 00:42:20 | 01,551,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\Explorer.EXE
PRC - [2008/05/13 20:50:46 | 16,862,720 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.0\RTHDCPL.EXE
PRC - [2009/04/22 17:38:50 | 00,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/06/22 15:12:38 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/04/13 19:39:20 | 00,049,152 | ---- | M] (artArmin) -- C:\Program Files\Vista Drive Icon\DrvIcon.exe
PRC - File not found -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2009/03/06 17:03:08 | 02,171,392 | ---- | M] (OrdinarySoft) -- C:\Program Files\Vista Start Menu\VistaStartMenu.exe
PRC - [2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2008/11/23 12:58:10 | 01,247,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/11/23 12:58:10 | 01,247,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/11/23 12:58:10 | 01,247,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/04/22 17:37:16 | 00,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\System32\wbem\wmiprvse.exe
PRC - [2009/06/22 15:12:36 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/06/22 15:12:42 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/10 10:23:06 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/05/04 15:16:24 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/06/22 15:12:42 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/24 09:37:59 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/24 13:52:34 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\p\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/15 22:15:52 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS.0\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/05/15 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS.0\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/07/04 13:11:02 | 00,068,608 | ---- | M] () -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2009/07/10 10:23:06 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/06/22 15:12:36 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/02/01 00:28:28 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/10/06 10:19:36 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/02/03 22:04:47 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98675578702b2 [Auto | Stopped])
SRV - [2008/04/14 00:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/06/23 06:46:15 | 01,003,344 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
SRV - [2009/02/05 18:02:34 | 00,069,632 | ---- | M] (Macromedia) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/06/20 17:16:04 | 00,075,064 | ---- | M] () -- C:\WINDOWS.0\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2008/04/14 00:42:12 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/05/15 22:58:45 | 04,069,888 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS.0\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/07/10 10:23:08 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.0\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/22 15:12:42 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.0\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/04 15:16:21 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.0\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/11/30 03:54:02 | 00,610,816 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS.0\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2008/11/20 15:35:57 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS.0\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS.0\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 17:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS.0\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/05/14 19:03:12 | 04,742,144 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.0\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009/03/09 14:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS.0\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/07/26 10:25:48 | 00,627,864 | R--- | M] (Logitech Inc.) -- C:\WINDOWS.0\System32\DRIVERS\lvrs.sys -- (LVRS [On_Demand | Stopped])
DRV - [2008/07/26 10:26:22 | 00,041,752 | R--- | M] (Logitech Inc.) -- C:\WINDOWS.0\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2004/04/13 19:20:08 | 00,015,781 | R--- | M] (Meetinghouse Data Communications) -- C:\WINDOWS.0\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2008/07/26 10:22:22 | 00,013,848 | R--- | M] (Logitech Inc.) -- C:\WINDOWS.0\System32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Stopped])
DRV - [2008/07/26 10:22:34 | 02,570,520 | R--- | M] (Logitech Inc.) -- C:\WINDOWS.0\System32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Stopped])
DRV - [2001/08/23 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS.0\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/29 04:48:00 | 03,688,960 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.0\System32\drivers\RtHDMI.sys -- (RTHDMIAzAudService [On_Demand | Running])
DRV - [2009/03/23 14:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/03/23 14:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- F:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/03/23 14:07:26 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/04/13 17:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS.0\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/08/10 07:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS.0\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/05/16 08:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS.0\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2005/08/10 09:06:28 | 00,019,968 | ---- | M] (Protection Technology) -- C:\WINDOWS.0\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2009/06/01 20:55:12 | 00,721,904 | ---- | M] () -- C:\WINDOWS.0\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1454471165-764733703-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKU\S-1-5-21-1454471165-764733703-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1454471165-764733703-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1454471165-764733703-682003330-1003\S-1-5-21-1454471165-764733703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Hyperwords"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&source=iglk"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.506.014.001
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.1
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.14
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.30.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {9A752782-D706-479b-98F8-3F66BF921692}:5.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0
FF - prefs.js..extensions.enabledItems: nexttab@prodizy.livejournal.com:0.2.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.44.18.20090408.3
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/01/25 13:54:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/22 15:13:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/30 15:01:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/06/22 15:13:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/07/23 22:30:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/24 09:38:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/24 09:38:06 | 00,000,000 | ---D | M]

[2009/01/30 15:02:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Extensions
[2008/11/20 11:43:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/30 15:02:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/07/23 22:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions
[2009/07/09 09:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/07/08 09:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/07/09 09:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2009/05/24 13:43:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2009/07/23 22:20:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2008/12/01 21:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/07/09 09:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}
[2009/02/18 16:12:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/01 11:50:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/05/24 13:43:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/07/02 14:43:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\foxmarks@kei.com
[2009/07/01 11:50:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\lazarus@interclue.com
[2009/07/23 22:20:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\p\Application Data\mozilla\Firefox\Profiles\9p2a3ryq.default\extensions\nexttab@prodizy.livejournal.com
[2009/07/23 22:20:53 | 00,004,446 | ---- | M] () -- C:\Documents and Settings\p\Application Data\Mozilla\FireFox\Profiles\9p2a3ryq.default\searchplugins\hyperwords.xml
[2009/07/24 11:26:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/24 09:38:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/20 12:21:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/01/30 15:01:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/02 10:36:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/09 15:57:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/24 09:37:58 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/24 09:37:58 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/16 20:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/24 09:38:02 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2006/05/16 22:40:18 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/05 23:01:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/05 23:01:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/05 23:01:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/05 23:01:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/05 23:01:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/05 23:01:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/05 23:01:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/08/09 05:16:08 | 00,030,408 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npWebLaunch.dll
[2008/10/06 10:19:36 | 00,114,540 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/06/24 06:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 06:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/11 00:30:34 | 00,001,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/06/24 06:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 06:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 06:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 06:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 06:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS.0\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKU\S-1-5-21-1454471165-764733703-682003330-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-764733703-682003330-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS.0\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1454471165-764733703-682003330-1003..\Run: [Google Update] C:\Documents and Settings\p\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-1454471165-764733703-682003330-1003..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1454471165-764733703-682003330-1003..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1454471165-764733703-682003330-1003..\Run: [VistaStartMenu] C:\Program Files\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\p\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1454471165-764733703-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1454471165-764733703-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-764733703-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-764733703-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1454471165-764733703-682003330-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS.0\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1454471165-764733703-682003330-1003\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS.0\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS.0\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/19 21:45:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/22 18:53:08 | 00,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [1998/03/21 07:18:36 | 00,282,560 | R--- | M] () - E:\AUTORUN.BMP -- [ CDFS ]
O32 - AutoRun File - [1998/06/30 11:56:08 | 00,607,232 | R--- | M] (Sierra On-Line, Inc.) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/08/11 13:22:06 | 00,000,053 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0ea29d5b-b6e9-11dd-8f9f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0ea29d5b-b6e9-11dd-8f9f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ea29d5b-b6e9-11dd-8f9f-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.now.exe -- [2001/01/29 07:54:08 | 00,102,400 | R--- | M] (Sold Out Software Ltd.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS.0\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS.0\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS.0\System32\*.tmp files]
[3 C:\WINDOWS.0\*.tmp files]
[2009/07/24 13:52:32 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\p\Desktop\OTL.exe
[2009/07/24 13:52:02 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\proquota.exe
[2009/07/24 13:52:02 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\proquota.exe
[2009/07/24 11:34:09 | 01,422,336 | ---- | C] (CheatHappens) -- C:\Documents and Settings\p\Desktop\Spore Trainer.exe
[2009/07/24 11:33:48 | 01,163,686 | ---- | C] () -- C:\Documents and Settings\p\Desktop\aboutsporetime-ch.zip
[2009/07/24 11:00:55 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/24 09:46:26 | 00,102,148 | ---- | C] () -- C:\Documents and Settings\p\Desktop\SystemLook.exe
[2009/07/24 09:37:56 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/24 09:33:33 | 00,000,000 | ---D | C] -- C:\WINDOWS.0\LastGood
[2009/07/23 22:00:43 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\mfc40u.dll
[2009/07/23 22:00:43 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\ntmssvc.dll
[2009/07/23 22:00:43 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\netlogon.dll
[2009/07/23 22:00:43 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\rpcss.dll
[2009/07/23 22:00:43 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\srsvc.dll
[2009/07/23 22:00:43 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\aec.sys
[2009/07/23 22:00:43 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\rasauto.dll
[2009/07/23 22:00:43 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\msgsvc.dll
[2009/07/23 22:00:43 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\lpk.dll
[2009/07/23 22:00:43 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\acpiec.sys
[2009/07/23 22:00:43 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\sfc.dll
[2009/07/23 22:00:43 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\null.sys
[2009/07/23 21:00:40 | 00,219,648 | ---- | C] () -- C:\WINDOWS.0\PEV.exe
[2009/07/23 21:00:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWXCACLS.exe
[2009/07/23 21:00:40 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWREG.exe
[2009/07/23 21:00:40 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWSC.exe
[2009/07/23 21:00:40 | 00,098,816 | ---- | C] () -- C:\WINDOWS.0\sed.exe
[2009/07/23 21:00:40 | 00,080,412 | ---- | C] () -- C:\WINDOWS.0\grep.exe
[2009/07/23 21:00:40 | 00,068,096 | ---- | C] () -- C:\WINDOWS.0\zip.exe
[2009/07/23 21:00:40 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS.0\NIRCMD.exe
[2009/07/23 20:55:56 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/07/23 20:49:41 | 03,150,436 | R--- | C] () -- C:\Documents and Settings\p\Desktop\Combo-Fix.exe
[2009/07/23 20:49:34 | 03,150,436 | R--- | C] () -- C:\Documents and Settings\p\Desktop\ComboFix.exe
[2009/07/23 20:36:38 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/22 23:25:15 | 05,457,005 | ---- | C] () -- C:\Documents and Settings\p\Desktop\Seize_zones_URBAN_v1.16.zip
[2009/07/22 23:25:07 | 01,576,885 | ---- | C] () -- C:\Documents and Settings\p\Desktop\Seize_zones[VTE]_v1.1.7z
[2009/07/22 23:24:51 | 01,621,216 | ---- | C] () -- C:\Documents and Settings\p\Desktop\Seize_zones[AFGHAN08]_v1.72.7z
[2009/07/22 21:44:29 | 12,437,49529 | ---- | C] () -- C:\Documents and Settings\p\Desktop\VTE_final_alpha.rar
[2009/07/22 21:34:19 | 22,690,815 | ---- | C] () -- C:\Documents and Settings\p\Desktop\FFN_MOD_Beta_0.75.7z
[2009/07/21 20:46:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS.0\SWAT.INI
[2009/07/21 19:51:45 | 00,151,552 | ---- | C] () -- C:\WINDOWS.0\unswat.exe
[2009/07/21 19:51:43 | 00,188,928 | ---- | C] (Intel Corporation) -- C:\WINDOWS.0\System32\rdxmmx.dll
[2009/07/21 19:51:43 | 00,185,856 | ---- | C] (Intel Corporation) -- C:\WINDOWS.0\System32\rdxp5.dll
[2009/07/21 19:51:43 | 00,137,728 | ---- | C] (Intel Corporation) -- C:\WINDOWS.0\System32\Rdxcom.dll
[2009/07/21 19:51:43 | 00,062,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS.0\System32\rdxam.dll
[2009/07/21 19:51:43 | 00,055,296 | ---- | C] (Intel Corporation) -- C:\WINDOWS.0\System32\rdxvid.ax
[2009/07/21 19:51:43 | 00,028,160 | ---- | C] (Intel Corporation) -- C:\WINDOWS.0\System32\ActiveRDX.ocx
[2009/07/21 19:51:43 | 00,003,571 | ---- | C] () -- C:\WINDOWS.0\System32\ActiveRDX.tlb
[2009/07/21 19:51:42 | 00,100,352 | ---- | C] (Intel Corporation) -- C:\WINDOWS.0\System32\dmix.dll
[2009/07/21 19:51:41 | 00,092,160 | ---- | C] (Intel Corporation) -- C:\WINDOWS.0\System32\dinoav.dll
[2009/07/21 19:51:41 | 00,078,848 | ---- | C] (Intel Corporation) -- C:\WINDOWS.0\System32\Dino2d.dll
[2009/07/21 19:51:41 | 00,029,820 | ---- | C] () -- C:\WINDOWS.0\System32\rdxcom.tlb
[2009/07/21 19:51:14 | 01,053,184 | ---- | C] (Cendant Software) -- C:\WINDOWS.0\System32\SierraNW.dll
[2009/07/21 19:51:14 | 00,231,936 | ---- | C] (Cendant Software) -- C:\WINDOWS.0\System32\SNWValid.dll
[2009/07/21 19:51:14 | 00,011,104 | ---- | C] () -- C:\WINDOWS.0\System32\SNWVALID.HLP
[2009/07/21 19:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line
[2009/07/21 19:50:11 | 00,000,288 | ---- | C] () -- C:\WINDOWS.0\SIERRA.INI
[2009/07/20 14:07:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\p\Desktop\Quarantine V2_5
[2009/07/15 16:32:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\p\Local Settings\Application Data\Temp
[2009/07/14 17:42:11 | 00,043,520 | ---- | C] () -- C:\WINDOWS.0\System32\CmdLineExt03.dll
[2009/07/12 19:50:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\p\Desktop\virus log _ infected 07_12_09
[2009/07/12 16:24:17 | 00,004,096 | ---- | C] () -- C:\WINDOWS.0\System32\crash
[2009/07/12 06:24:57 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\p\Desktop\FPS Booster.exe
[2009/07/10 13:35:36 | 00,000,405 | ---- | C] () -- C:\Documents and Settings\p\Desktop\Shortcut to Antivirus Spyware package.lnk
[2009/07/10 13:08:38 | 00,000,708 | ---- | C] () -- C:\Documents and Settings\p\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/10 13:01:57 | 00,000,643 | ---- | C] () -- C:\Documents and Settings\p\Desktop\BootSafe.lnk
[2009/07/10 11:33:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\p\My Documents\OneNote Notebooks
[2009/07/10 11:33:46 | 00,000,947 | ---- | C] () -- C:\Documents and Settings\p\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/07/07 19:48:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2009/07/07 19:13:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\p\Desktop\entrench
[2009/07/07 19:04:06 | 00,000,000 | ---D | C] -- C:\Program Files\Stardock Games
[2009/07/04 13:10:58 | 00,000,570 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\3ds max 7.lnk
[2009/07/04 13:10:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2009/07/04 13:02:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\p\My Documents\Adlm
[2009/07/04 13:01:47 | 00,000,000 | ---D | C] -- C:\Program Files\backburner 2
[2009/07/04 13:01:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Autodesk
[2009/07/03 10:15:35 | 00,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2009/07/01 11:29:11 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\ntoskrnl.exe
[2009/07/01 11:29:11 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/01 11:29:11 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\wininet.dll
[2009/07/01 10:48:37 | 00,000,000 | ---D | C] -- C:\WINDOWS.0\pss
[2009/07/01 10:29:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\p\Local Settings\Application Data\AVG Security Toolbar
[2009/07/01 10:29:03 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Mozilla Firefox.lnk
[2009/06/30 23:28:52 | 00,000,962 | ---- | C] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-764733703-682003330-1003UA.job
[2009/06/30 23:28:52 | 00,000,910 | ---- | C] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-764733703-682003330-1003Core.job
[2009/06/30 23:25:07 | 00,000,886 | ---- | C] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2009/06/30 23:25:07 | 00,000,882 | ---- | C] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job
[2009/06/29 09:20:09 | 00,000,264 | ---- | C] () -- C:\WINDOWS.0\tasks\WGASetup.job
[2009/06/29 09:20:09 | 00,000,000 | ---D | C] -- C:\WINDOWS.0\System32\KB905474
[2009/06/29 09:17:44 | 23,635,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\MRT.exe
[2009/06/28 21:00:04 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\kernel32.dll
[2009/06/28 21:00:04 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\tcpip.sys
[2009/06/28 21:00:04 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\termsrv.dll
[2009/06/28 21:00:04 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\ndis.sys
[2009/06/28 21:00:04 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\appmgmts.dll
[2009/06/28 21:00:04 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\services.exe
[2009/06/28 21:00:04 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\imm32.dll
[2009/06/28 21:00:04 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\ws2_32.dll
[2009/06/28 21:00:04 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\spoolsv.exe
[2009/06/28 21:00:04 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\wuauclt.exe
[2009/06/28 21:00:04 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\ip6fw.sys
[2009/06/28 21:00:04 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\userinit.exe
[2009/06/28 21:00:04 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\kbdclass.sys
[2009/06/28 21:00:04 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\powrprof.dll
[2009/06/28 21:00:04 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\svchost.exe
[2009/06/28 21:00:04 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\cache\lsass.exe
[2009/06/28 21:00:04 | 00,000,000 | ---D | C] -- C:\WINDOWS.0\System32\dllcache\cache
[2009/06/28 20:40:07 | 00,000,325 | ---- | C] () -- C:\Boot.bak
[2009/06/28 20:39:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/06/28 20:39:56 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/06/28 15:56:34 | 00,000,000 | ---D | C] -- C:\WINDOWS.0\ERDNT
[2009/06/26 20:51:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\p\Application Data\Wormux
[2009/06/03 10:04:21 | 00,000,825 | ---- | C] () -- C:\WINDOWS.0\wininit.ini
[2009/05/13 22:47:46 | 00,066,482 | R--- | C] () -- C:\WINDOWS.0\System32\lvcoinst.ini
[2009/03/06 20:16:32 | 00,000,023 | ---- | C] () -- C:\WINDOWS.0\BlendSettings.ini
[2009/03/05 18:36:02 | 00,000,604 | ---- | C] () -- C:\WINDOWS.0\wincmd.ini
[2009/02/28 15:41:46 | 00,069,632 | R--- | C] () -- C:\WINDOWS.0\System32\xmltok.dll
[2009/02/28 15:41:46 | 00,036,864 | R--- | C] () -- C:\WINDOWS.0\System32\xmlparse.dll
[2009/01/16 18:18:25 | 00,004,511 | ---- | C] () -- C:\WINDOWS.0\Fred2.INI
[2008/12/18 16:46:32 | 00,007,680 | ---- | C] () -- C:\WINDOWS.0\System32\ff_vfw.dll
[2008/12/18 16:46:32 | 00,000,547 | ---- | C] () -- C:\WINDOWS.0\System32\ff_vfw.dll.manifest
[2008/11/26 15:28:48 | 00,000,272 | ---- | C] () -- C:\WINDOWS.0\System32\oeminfo.ini
[2008/11/20 15:24:31 | 00,137,888 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\PnkBstrK.sys
[2008/11/20 15:24:00 | 00,000,319 | ---- | C] () -- C:\WINDOWS.0\game.ini
[2008/11/20 15:01:38 | 00,721,904 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\sptd.sys
[2008/10/28 18:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS.0\System32\xlive.dll.cat
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS.0\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS.0\System32\AgCPanelFrench.dll
[2001/08/23 09:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS.0\win.ini
[2001/08/23 09:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS.0\system.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS.0\System32\*.tmp files]
[3 C:\WINDOWS.0\*.tmp files]
[2009/07/24 13:52:34 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\p\Desktop\OTL.exe
[2009/07/24 13:51:19 | 00,178,544 | ---- | M] () -- C:\WINDOWS.0\System32\ativvaxx.cap
[2009/07/24 13:33:00 | 00,000,962 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-764733703-682003330-1003UA.job
[2009/07/24 13:30:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/24 11:33:53 | 01,163,686 | ---- | M] () -- C:\Documents and Settings\p\Desktop\aboutsporetime-ch.zip
[2009/07/24 09:48:19 | 39,212,704 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\Avg\incavi.avm
[2009/07/24 09:48:19 | 00,041,076 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\Avg\microavi.avg
[2009/07/24 09:46:26 | 00,102,148 | ---- | M] () -- C:\Documents and Settings\p\Desktop\SystemLook.exe
[2009/07/24 09:36:05 | 00,000,264 | ---- | M] () -- C:\WINDOWS.0\tasks\WGASetup.job
[2009/07/24 09:36:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/24 09:31:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS.0\tasks\SA.DAT
[2009/07/24 09:31:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2009/07/23 21:53:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS.0\system.ini
[2009/07/23 21:51:24 | 00,000,027 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\etc\hosts
[2009/07/23 20:50:03 | 03,150,436 | R--- | M] () -- C:\Documents and Settings\p\Desktop\Combo-Fix.exe
[2009/07/23 20:49:55 | 03,150,436 | R--- | M] () -- C:\Documents and Settings\p\Desktop\ComboFix.exe
[2009/07/22 23:33:00 | 00,000,910 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-764733703-682003330-1003Core.job
[2009/07/22 23:25:41 | 05,457,005 | ---- | M] () -- C:\Documents and Settings\p\Desktop\Seize_zones_URBAN_v1.16.zip
[2009/07/22 23:25:15 | 01,576,885 | ---- | M] () -- C:\Documents and Settings\p\Desktop\Seize_zones[VTE]_v1.1.7z
[2009/07/22 23:25:00 | 01,621,216 | ---- | M] () -- C:\Documents and Settings\p\Desktop\Seize_zones[AFGHAN08]_v1.72.7z
[2009/07/22 23:24:33 | 12,437,49529 | ---- | M] () -- C:\Documents and Settings\p\Desktop\VTE_final_alpha.rar
[2009/07/22 21:36:13 | 22,690,815 | ---- | M] () -- C:\Documents and Settings\p\Desktop\FFN_MOD_Beta_0.75.7z
[2009/07/21 20:46:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS.0\SWAT.INI
[2009/07/21 20:33:17 | 00,035,496 | ---- | M] () -- C:\Documents and Settings\p\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/21 19:58:43 | 02,247,688 | ---- | M] () -- C:\WINDOWS.0\System32\FNTCACHE.DAT
[2009/07/21 19:56:55 | 00,000,288 | ---- | M] () -- C:\WINDOWS.0\SIERRA.INI
[2009/07/21 18:40:31 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS.0\System32\CmdLineExt.dll
[2009/07/17 09:37:21 | 03,214,326 | -H-- | M] () -- C:\Documents and Settings\p\Local Settings\Application Data\IconCache.db
[2009/07/15 21:18:45 | 00,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS.0\System32\wrap_oal.dll
[2009/07/15 21:18:45 | 00,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS.0\System32\OpenAL32.dll
[2009/07/14 17:43:51 | 00,043,520 | ---- | M] () -- C:\WINDOWS.0\System32\CmdLineExt03.dll
[2009/07/14 09:40:44 | 00,002,141 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\iTunes.lnk
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS.0\PEV.exe
[2009/07/12 16:24:17 | 00,004,096 | ---- | M] () -- C:\WINDOWS.0\System32\crash
[2009/07/12 06:32:22 | 05,649,572 | ---- | M] () -- C:\Documents and Settings\p\Desktop\GenuineXP.rar
[2009/07/12 06:24:57 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\p\Desktop\FPS Booster.exe
[2009/07/11 14:16:14 | 00,000,664 | ---- | M] () -- C:\WINDOWS.0\System32\d3d9caps.dat
[2009/07/11 00:30:26 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Mozilla Firefox.lnk
[2009/07/10 13:37:00 | 00,000,825 | ---- | M] () -- C:\WINDOWS.0\wininit.ini
[2009/07/10 13:35:36 | 00,000,405 | ---- | M] () -- C:\Documents and Settings\p\Desktop\Shortcut to Antivirus Spyware package.lnk
[2009/07/10 13:08:38 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\p\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/10 13:01:57 | 00,000,643 | ---- | M] () -- C:\Documents and Settings\p\Desktop\BootSafe.lnk
[2009/07/10 11:33:46 | 00,000,947 | ---- | M] () -- C:\Documents and Settings\p\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/07/10 10:23:08 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS.0\System32\drivers\avgldx86.sys
[2009/07/07 15:47:53 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\p\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/05 09:32:05 | 00,002,206 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2009/07/04 13:10:58 | 00,000,570 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\3ds max 7.lnk
[2009/07/02 14:50:15 | 00,316,012 | R--- | M] () -- C:\WINDOWS.0\System32\drivers\etc\hosts.20090710-133731.backup
[2009/07/01 15:47:20 | 00,000,477 | ---- | M] () -- C:\WINDOWS.0\win.ini
[2009/07/01 15:47:20 | 00,000,395 | -H-- | M] () -- C:\boot.ini
[2009/07/01 11:20:59 | 00,000,027 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\etc\hosts.20090702-145015.backup
[2009/06/29 18:31:19 | 00,463,779 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\Avg\miniavi.avg
[2009/06/29 09:20:18 | 00,521,444 | ---- | M] () -- C:\WINDOWS.0\System32\PerfStringBackup.INI
[2009/06/29 09:20:18 | 00,440,684 | ---- | M] () -- C:\WINDOWS.0\System32\perfh009.dat
[2009/06/29 09:20:18 | 00,071,002 | ---- | M] () -- C:\WINDOWS.0\System32\perfc009.dat
[2009/06/29 09:20:14 | 00,001,374 | ---- | M] () -- C:\WINDOWS.0\imsins.BAK
[2009/06/28 13:51:59 | 00,305,999 | R--- | M] () -- C:\WINDOWS.0\System32\drivers\etc\hosts.bak
[2009/06/28 13:51:31 | 00,305,999 | R--- | M] () -- C:\WINDOWS.0\System32\drivers\etc\hosts.20090628-135159.backup
[2009/06/28 13:30:57 | 00,305,999 | R--- | M] () -- C:\WINDOWS.0\System32\drivers\etc\hosts.20090628-135131.backup
[2009/06/26 22:46:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
< End of report >



-----------------------------------------------------------------
EXTRAS
-----------------------------------------------------------------


OTL Extras logfile created on: 7/24/2009 1:53:07 PM - Run 1
OTL by OldTimer - Version 3.0.10.2 Folder = C:\Documents and Settings\p\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 15.66 Gb Free Space | 8.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 667.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 400.86 Gb Total Space | 60.58 Gb Free Space | 15.11% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL
Current User Name: p
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1454471165-764733703-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05B7B9BA-9EBC-4C5B-933D-49F372EFE7A1}" = Adobe Photoshop CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E3CCCDC-3BB2-B5D5-A547-5F157E1BADB8}" = Catalyst Control Center Core Implementation
"{0F99EAFA-4054-4ABC-A3D3-D2299210572F}" = Adobe Bridge CS4
"{131C976E-E991-40FA-163F-B29022346F01}" = CCC Help English
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.15.0.31
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters ™: The Video Game
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{58AC967F-CE64-4065-AF54-FA66BAF31FE8}" = BOILING POINT
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A53992C-48D6-D4DB-75A7-5D13388DAB9A}" = ccc-core-static
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{628C3D50-F524-4C49-A958-672CE7953756}" = The Lord of the Rings - Conquest™
"{64E633D4-565F-437F-916C-7F70ED271784}" = EU3 Savegame Editor
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7083067F-42F5-41AF-8422-E22EA391791C}" = World In Conflict Editor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{7AE858CD-7AD6-D9E6-627E-E452A71896E7}" = Catalyst Control Center Graphics Full Existing
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{8BC8DA36-302D-14FA-55AE-5CAAF1CA4F25}" = Catalyst Control Center Graphics Light
"{8BD5B620-AA88-11D4-AEC7-0008C739EC2A}" = Gangsters 2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-008A-0409-0000-0000000FF1CE}" = Microsoft Office 2007 Recent Documents Gadget
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9838EAFF-B13B-4A03-AEAE-6D508136545D}" = X3 Reunion
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1C9D1DA-7803-4586-B509-450009938312}" = Adobe Setup
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
"{A44C8D37-B36B-D378-2201-97137494E339}" = ccc-utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA89DBA6-2CC9-46C5-9102-4B2833304AE2}" = World In Conflict
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{BB37C263-9B7F-6A1C-A1B8-333C3FB80614}" = ccc-core-preinstall
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BE4E36A9-741F-4F78-8C3E-4D80E6D5587D}_is1" = maps
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C7E3FF32-7E00-4703-9C34-5777C08A56AA}" = Toon Boom Studio 4.5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CFB9F7A0-A7ED-43A9-9551-EC1F319F971A}" = Superpower 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{DE5CD0E9-9296-788D-F082-54454791A65E}" = Catalyst Control Center Graphics Previews Common
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EBB15EA8-B7CF-E90C-B977-18777AFC63F0}" = Catalyst Control Center HydraVision Full
"{EC27630A-EAFB-AB2A-56CC-7F5189845D85}" = Catalyst Control Center Graphics Full New
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F724042F-367A-3B58-9BE3-8EF7A6F058D6}" = Google Gears
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F92AB933-9FE7-4335-92BD-D1C3BA27613C}" = 3ds max 7
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB28E2FA-9D08-4006-A584-6E1273A8E036}" = KGB Archiver 2
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"7-Zip" = 7-Zip 4.60 beta
"ACEIslands" = ACEIslands
"ACEMod" = ACEMod
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_b741c3c52d3108664cedeb2b76f6d96" = Adobe Photoshop CS4
"All ATI Software" = ATI - Software Uninstall Utility
"AMP WinOFF" = AMP WinOFF
"ArmA" = ArmA Uninstall
"ArmA2" = ArmA2 Uninstall
"ArtMoney SE_is1" = ArtMoney SE v7.30.1
"AskPBar Uninstall" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG 8.5
"BattlEye" = BattlEye Uninstall
"ClocX" = ClocX (1.5b2)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Community Map Pack IV" = Community Map Pack IV 1.0
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"Crysis WARHEAD" = Crysis WARHEAD
"Defcon_is1" = Defcon v1.43
"EAX Unified" = EAX Unified
"Evil Genius" = Evil Genius
"Evil Genius_is1" = Evil Genius V1.01
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.9.13
"ffdshow_is1" = ffdshow [rev 2202] [2008-10-10]
"FFUR-SLX 2007" = FFUR-SLX 2007 2.5 New Version
"Flashpoint Resistance" = Flashpoint Resistance uninstall
"Fraps" = Fraps
"Free DVD Creator (by minidvdsoft)_is1" = Free DVD Creator version 2.0
"Freelancer 1.0" = Freelancer
"GameSpy Arcade" = GameSpy Arcade
"Graphical Enhancement Resources" = Graphical Enhancement Resources 2.5
"Graphical Enhancement Textures" = Graphical Enhancement Textures 2.5
"H.S.M Co-op Expansion v1.0" = H.S.M Co-op Expansion v1.0
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"ImgBurn" = ImgBurn
"Impulse" = Impulse
"In Nomine_is1" = In Nomine 3.1
"InstallShield_{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters ™: The Video Game
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{CFB9F7A0-A7ED-43A9-9551-EC1F319F971A}" = Superpower 2
"KGB Archiver_is1" = KGB Archiver 1.2.1.24
"L4DSP" = Left 4 Dead Standalone Patch
"LandOfTheDead" = Groove Games\Land Of The Dead
"LOTD Update Pack #1 (3/2/06)" = LOTD Update Pack #1 (3/2/06)
"LOTD Update Pack #2 (3/6/06)" = LOTD Update Pack #2 (3/6/06)
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Mafia" = Mafia
"Mafia Game" = Mafia Game
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"Music Mod" = Music Mod 1.0
"NeoKwinto" = NeoKwinto
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OpenAL" = OpenAL
"Operation Optimization_is1" = Operation Optimization v1.1.1
"Populous MatchMaker" = Populous MatchMaker
"Populous Skirmish" = Populous Skirmish BETA 0.4
"Populous: The Beginning" = Populous: The Beginning
"PunkBusterSvc" = PunkBuster Services
"Rapid Express_is1" = Rapid Express
"Real Lives 2007" = Real Lives 2007
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots
"RocketDock_is1" = RocketDock 1.3.5
"Shockwave" = Shockwave
"Sierra Utilities" = Sierra Utilities
"Sins of a Solar Empire" = Sins of a Solar Empire
"SSF Realism Mod v2.2 For Swat4 The Original" = SSF Realism Mod v2.2 For Swat4 The Original
"ST6UNST #1" = ADRIFT
"Steam App 10500" = Empire: Total War
"Steam App 11420" = Clive Barker's Jericho
"Steam App 12170" = Grand Theft Auto
"Steam App 12210" = Grand Theft Auto IV
"Steam App 13540" = Rainbow Six Vegas
"Steam App 15120" = Rainbow Six Vegas 2
"Steam App 15170" = Heroes of Might and Magic 5
"Steam App 1520" = Defcon
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17390" = Spore
"Steam App 19000" = Silent Hill Homecoming
"Steam App 1920" = Two Worlds
"Steam App 20510" = STALKER: Clear Sky
"Steam App 21910" = World in Conflict: Soviet Assault
"Steam App 2600" = Vampire: The Masquerade - Bloodlines
"Steam App 2690" = Empires: Dawn of the Modern World
"Steam App 2820" = X3: Terran Conflict
"Steam App 4830" = S.T.A.L.K.E.R.
"Steam App 7000" = Tomb Raider: Legend
"Steam App 7670" = Bioshock
"Steam App 7760" = X-COM: UFO Defense
"Steam App 9340" = Company of Heroes: Opposing Fronts
"Swat2" = Police Quest: SWAT2
"The Guild 2 Venice_is1" = The Guild 2 Venice
"Thoosje Vista Sidebar" = Thoosje Vista Sidebar
"Totalcmd" = Total Commander (Remove or Repair)
"Trillian" = Trillian
"UFO Extraterrestrials1.00" = UFO Extraterrestrials
"Vae Victis_is1" = Vae Victis 2.0
"Vista Start Menu_is1" = Vista Start Menu 3.1
"Vista Transformation Pack" = Vista Transformation Pack 8.0
"VistaMizer" = VistaMizer 3.1.0.0
"Waterloo Mod Alpha" = Waterloo Mod Alpha 0.4
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Sidebar" = Windows Sidebar
"WinRAR archiver" = WinRAR archiver
"Wormux" = Wormux
"X Plugin Manager" = X Plugin Manager 2.12
"X3 Bonus Package_is1" = X3 Bonus Package 3.1.07
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-764733703-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"2a4f70b48f669acd" = AA3Deploy
"Age of Blackpowder: Realm of Revolution - Beta" = Age of Blackpowder: Realm of Revolution - Beta
"Google Chrome" = Google Chrome
"H.S.M Custom Maps Expansion v2.0" = H.S.M Custom Maps Expansion v2.0
"H.S.M Custom Maps Expansion v3.0" = H.S.M Custom Maps Expansion v3.0
"Terra Nova mod" = Terra Nova mod
"Third Age - Total War 1.0 Part1" = Third Age - Total War 1.0 Part1
"Third Age - Total War 1.0 Part2" = Third Age - Total War 1.0 Part2
"Third Age - Total War Hotfix1" = Third Age - Total War Hotfix1
"Third Age - Total War Patch 1.1" = Third Age - Total War Patch 1.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2009 9:35:04 PM | Computer Name = PAUL | Source = Application Hang | ID = 1002
Description = Hanging application SWAT.EXE, version 1.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/21/2009 11:30:05 PM | Computer Name = PAUL | Source = Google Update | ID = 20
Description =

Error - 7/21/2009 11:33:05 PM | Computer Name = PAUL | Source = Google Update | ID = 20
Description =

Error - 7/22/2009 12:30:08 AM | Computer Name = PAUL | Source = Google Update | ID = 20
Description =

Error - 7/22/2009 7:30:07 PM | Computer Name = PAUL | Source = Google Update | ID = 20
Description =

Error - 7/22/2009 7:33:05 PM | Computer Name = PAUL | Source = Google Update | ID = 20
Description =

Error - 7/22/2009 8:30:05 PM | Computer Name = PAUL | Source = Google Update | ID = 20
Description =

Error - 7/22/2009 8:33:05 PM | Computer Name = PAUL | Source = Google Update | ID = 20
Description =

Error - 7/23/2009 12:33:19 AM | Computer Name = PAUL | Source = Google Update | ID = 20
Description =

Error - 7/23/2009 12:34:12 AM | Computer Name = PAUL | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 7/23/2009 9:50:10 PM | Computer Name = PAUL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Beep Fips Processor SASDIFSV SASKUTIL sFxdrv

Error - 7/23/2009 9:50:12 PM | Computer Name = PAUL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/23/2009 9:52:54 PM | Computer Name = PAUL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 7/23/2009 10:00:39 PM | Computer Name = PAUL | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/23/2009 10:01:10 PM | Computer Name = PAUL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/23/2009 10:25:00 PM | Computer Name = PAUL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/23/2009 10:49:28 PM | Computer Name = PAUL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/23/2009 10:52:11 PM | Computer Name = PAUL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 7/23/2009 10:52:11 PM | Computer Name = PAUL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/24/2009 10:32:11 AM | Computer Name = PAUL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep


< End of report >

#14 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 24 July 2009 - 02:28 PM

Hi,

Those logs look good. :thumbup2: Are you still experiencing any trouble?

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Uncheck Remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#15 afella

  • Topic Starter
  • Members
  • 16 posts
  • Gender:Male
  • Location:MO

Posted 24 July 2009 - 11:22 PM

Computer is running great _temp_! :thumbup2: No complaints whatsoever. I downloaded and ran ESET, but after updating it brought me to a "subscribe / register for trial" page, which I'd rather not sign up for, for fear that they might spam me... :) Is it ok if I skip this step?

I think my compy is back to good old normal.. I am going to give it about a week and if there are no bugs I will delete that "eee.old" folder. I think you fixed it buddy, and saved me a painful compy format. I'm really glad I hung on for a reply. I knew you guys would be able to help! :)



