Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Thousands of Compromised WordPress Sites Redirect to Tech Support Scams

Featured Deal: Get 96% off a Xamarin Cross Platform Development Bundle Deal

Photo

Google Redirects, Blue Screens, etc.

Started by RedPenumbra , Jul 20 2009 07:08 PM

  • This topic is locked This topic is locked
13 replies to this topic

#1 RedPenumbra

RedPenumbra

  • Members
  • 32 posts
  • OFFLINE
    •  
  • Local time:02:53 PM

Posted 20 July 2009 - 07:08 PM

I was casually browsing today when Google started to redirect its searches to other websites. I'd had this problem before, so I ran Malwarebytes, which found nothing. I went ahead and ran GooredFix, which worked before, and I have included the log here. Also, upon restarting my computer, I received a blue screen when starting Windows normally and in safe mode (and had to use the last known good configuration to boot back into Windows.) [See EDIT] I'm gonna go ahead and post my DDS logs and GooredFix log here, and then try to recreate the blue screen while you're looking at those logs.

===GooredFix===
GooredFix by jpshortstuff (12.07.09)
Log created at 19:50 on 20/07/2009 (Johanan)
Firefox version 3.0.11 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:08 15/01/2008]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [02:37 05/12/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [00:34 17/12/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [18:48 20/04/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [18:41 14/06/2009]

-=E.O.F=-

===DDS===

DDS (Ver_09-06-26.01) - NTFSx86
Run by Johanan at 19:42:36.92 on Mon 07/20/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2581 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\713xRMTMon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\RivaTuner v2.24\RivaTuner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Johanan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemonsearch.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [TV Card Remote Control Device Monitor] c:\windows\713xRMTMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BootSkin Startup Jobs] "c:\progra~1\stardock\wincus~1\bootskin\BootSkin.exe" /StartupJobs
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [U.S. Robotics Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [DelReg] c:\program files\msi\dualcorecenter\DelReg.exe
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTuner.exe" /S
mRun: [RivaTuner] "c:\program files\rivatuner v2.24\RivaTuner.exe" /T
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dualco~1.lnk - c:\program files\msi\dualcorecenter\StartUpDualCoreCenter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229454768968
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229454486187
TCP: {D9236AA4-C025-48B0-BFCE-7E0D201F7493} = 208.33.159.39,63.162.197.99
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: ,
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johanan\applic~1\mozilla\firefox\profiles\4hvepxft.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - component: c:\documents and settings\johanan\application data\mozilla\firefox\profiles\4hvepxft.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\johanan\application data\mozilla\firefox\profiles\4hvepxft.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\johanan\application data\mozilla\firefox\profiles\4hvepxft.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\johanan\application data\mozilla\firefox\profiles\4hvepxft.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-14 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-14 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-14 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-14 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-14 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-11-21 47640]
R2 TTFixerService;NST ToolTipFixer;c:\program files\neosmart technologies\tooltipfixer\ToolTipFixer.exe [2007-6-27 10240]
R3 DualCoreCenter;DualCoreCenter;c:\program files\msi\dualcorecenter\NTGLM7X.sys [2009-6-28 28672]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-6-8 28672]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2008-2-14 279552]
S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2008-2-14 25984]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-7-24 12192]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-07-19 22:16 91 a------- c:\windows\system32\geyekrblkayuxc.dat
2009-07-19 22:06 17,408 a------- c:\windows\system32\geyekrlniupxmk.dll
2009-07-19 22:06 5,239 a------- c:\windows\system32\geyekrfevnrssm.dat
2009-07-19 22:06 66,048 a------- c:\windows\system32\drivers\geyekrtynaoyro.sys
2009-07-19 22:06 40,960 a------- c:\windows\system32\geyekrdksoamod.dll
2009-07-16 17:03 <DIR> --d----- c:\program files\RivaTuner v2.24
2009-06-28 22:32 1,622,016 a------- c:\windows\NVBenchMarks.dll
2009-06-28 22:32 1,060,864 a------- c:\windows\MFC71.dll
2009-06-28 22:32 499,712 a------- c:\windows\msvcp71.dll
2009-06-28 22:32 421,888 a------- c:\windows\nvsulib.dll
2009-06-28 22:32 380,928 a------- c:\windows\ntuneoem.dll
2009-06-28 22:32 348,160 a------- c:\windows\msvcr71.dll
2009-06-28 22:32 217,088 a------- c:\windows\NVGfxOgl.dll
2009-06-28 22:32 53,248 a------- c:\windows\Nvgpio.dll
2009-06-28 22:32 45,056 a------- c:\windows\NTuneGpu.dll
2009-06-28 22:32 28,672 a------- c:\windows\AutoTuneScript.dll
2009-06-28 22:32 18,216 a------- c:\windows\nvoclk64.sys
2009-06-28 22:32 6,912 a------- c:\windows\nvoclock.sys
2009-06-28 15:43 69,632 a------- c:\windows\Alcmtr.exe

==================== Find3M ====================

2009-07-20 10:29 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-13 17:32 20,456 a------- c:\docume~1\johanan\applic~1\GDIPFONTCACHEV1.DAT
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-14 14:41 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-14 14:41 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-07 16:08 2,644 a------- c:\windows\system32\d3d9caps.dat
2009-05-23 20:04 23,855 a------- c:\windows\War3Unin.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-01 00:31 1,657,376 a------- c:\windows\system32\nwiz.exe
2009-05-01 00:31 449,056 a------- c:\windows\system32\nvappbar.exe
2009-05-01 00:31 436,768 a------- c:\windows\system32\keystone.exe
2009-05-01 00:31 1,724,416 a------- c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31 1,507,328 a------- c:\windows\system32\nview.dll
2009-05-01 00:31 1,101,824 a------- c:\windows\system32\nvwimg.dll
2009-05-01 00:31 466,944 a------- c:\windows\system32\nvshell.dll
2009-04-30 22:02 9,994,240 a------- c:\windows\system32\nvoglnt.dll
2009-04-30 22:02 5,896,320 a------- c:\windows\system32\nv4_disp.dll
2009-04-30 22:02 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-04-30 22:02 1,579,630 a------- c:\windows\system32\nvdata.bin
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 806,912 a------- c:\windows\system32\nvapi.dll
2009-04-30 22:02 663,552 a------- c:\windows\system32\nvcuvid.dll
2009-04-30 22:02 457,248 a------- c:\windows\system32\nvudisp.exe
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcodins.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod.dll
2009-04-27 00:42 457,248 a------- c:\windows\system32\NVUNINST.EXE
2008-10-30 17:57 22,328 a------- c:\docume~1\johanan\applic~1\PnkBstrK.sys
2008-10-06 19:42 47,360 a------- c:\docume~1\johanan\applic~1\pcouffin.sys
2008-01-13 23:19 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008011320080114\index.dat

============= FINISH: 19:43:01.29 ===============

Thanks!

EDIT: I couldn't recreate the blue screens, so I guess it was just a random Windows fluke.

Attached Files


Edited by RedPenumbra, 20 July 2009 - 07:19 PM.

BC AdBot (Login to Remove)

 

#2 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:02:53 PM

Posted 31 July 2009 - 12:07 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
All Other Things Being Equal, The Simplest Solution Is The Best.
Anti-Spyware Scanners - Anti-Virus Scanners - Online Scanners - Firewalls
Protect Yourself and Surf More Secure

#3 RedPenumbra

RedPenumbra
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
    •  
  • Local time:02:53 PM

Posted 01 August 2009 - 09:30 AM

===DDS===

DDS (Ver_09-07-30.01) - NTFSx86
Run by Johanan at 17:16:00.18 on Fri 07/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2351 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\713xRMTMon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\RivaTuner v2.24\RivaTuner.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
E:\My Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemonsearch.com/
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [TV Card Remote Control Device Monitor] c:\windows\713xRMTMon.exe
mRun: [BootSkin Startup Jobs] "c:\progra~1\stardock\wincus~1\bootskin\BootSkin.exe" /StartupJobs
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [U.S. Robotics Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [DelReg] c:\program files\msi\dualcorecenter\DelReg.exe
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTuner.exe" /S
mRun: [RivaTuner] "c:\program files\rivatuner v2.24\RivaTuner.exe" /T
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dualco~1.lnk - c:\program files\msi\dualcorecenter\StartUpDualCoreCenter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229454768968
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229454486187
TCP: {D9236AA4-C025-48B0-BFCE-7E0D201F7493} = 208.33.159.39,63.162.197.99
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johanan\applic~1\mozilla\firefox\profiles\4hvepxft.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - component: c:\documents and settings\johanan\application data\mozilla\firefox\profiles\4hvepxft.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\johanan\application data\mozilla\firefox\profiles\4hvepxft.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\johanan\application data\mozilla\firefox\profiles\4hvepxft.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\johanan\application data\mozilla\firefox\profiles\4hvepxft.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-14 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-14 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-14 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-14 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-14 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-11-21 47640]
R2 TTFixerService;NST ToolTipFixer;c:\program files\neosmart technologies\tooltipfixer\ToolTipFixer.exe [2007-6-27 10240]
R3 DualCoreCenter;DualCoreCenter;c:\program files\msi\dualcorecenter\NTGLM7X.sys [2009-6-28 28672]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-6-8 28672]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2008-2-14 279552]
S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2008-2-14 25984]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-7-24 12192]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-07-30 20:09 <DIR> --d----- C:\spoolerlogs
2009-07-25 22:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-07-23 10:46 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-07-23 10:46 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-07-23 10:46 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-07-23 10:46 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-07-23 10:46 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-07-23 10:46 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-07-20 20:41 91 a------- c:\windows\system32\geyekrnsrqxfuj.dat
2009-07-20 20:31 3,983 a------- c:\windows\system32\geyekrohflovma.dat
2009-07-19 22:16 91 a------- c:\windows\system32\geyekrblkayuxc.dat
2009-07-19 22:06 5,239 a------- c:\windows\system32\geyekrfevnrssm.dat
2009-07-16 17:03 <DIR> --d----- c:\program files\RivaTuner v2.24
2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-07-14 13:35 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll
2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll
2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll
2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll
2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-07-14 13:34 243,457 a------- c:\windows\system32\NvApps.xml
2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll
2009-07-14 13:34 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-07-14 13:34 143,360 a------- c:\windows\system32\nvcolor.exe
2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll
2009-07-14 13:34 66,834 a------- c:\windows\system32\NvwsApps.xml
2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll

==================== Find3M ====================

2009-07-20 10:29 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-14 14:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll
2009-07-14 14:54 7,741,664 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 14:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll
2009-07-14 14:54 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-07-14 14:54 2,002,944 a------- c:\windows\system32\nvcuda.dll
2009-07-14 14:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-07-14 14:54 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-07-14 14:54 868,352 a------- c:\windows\system32\nvapi.dll
2009-07-14 14:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 14:54 151,552 a------- c:\windows\system32\nvcodins.dll
2009-07-14 14:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-13 17:32 20,456 a------- c:\docume~1\johanan\applic~1\GDIPFONTCACHEV1.DAT
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-10 07:01 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-06-14 14:41 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-14 14:41 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-07 16:08 2,644 a------- c:\windows\system32\d3d9caps.dat
2009-05-23 20:04 23,855 a------- c:\windows\War3Unin.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2008-10-30 17:57 22,328 a------- c:\docume~1\johanan\applic~1\PnkBstrK.sys
2008-10-06 19:42 47,360 a------- c:\docume~1\johanan\applic~1\pcouffin.sys
2008-01-13 23:19 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008011320080114\index.dat

============= FINISH: 17:16:24.21 ===============

Thanks for the help!

Attached Files


#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:02:53 PM

Posted 02 August 2009 - 09:17 AM

Hello.

There are evidence of rootkit related files on your machine but the infection doesn't appear to be active. Let's make sure.

Run GMER for me, then followed by Malwarebytes Anti-Malware.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO..
    Posted Image
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOKIT" entries

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 RedPenumbra

RedPenumbra
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
    •  
  • Local time:02:53 PM

Posted 02 August 2009 - 01:02 PM

===GMER===

GMER 1.0.15.15011 [dxwnfm4u.exe] - http://www.gmer.net
Rootkit scan 2009-08-02 13:53:49
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB7EBE0D0]
SSDT sptd.sys ZwEnumerateKey [0xB7EC3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xB7EC4340]
SSDT sptd.sys ZwOpenKey [0xB7EBE0B0]
SSDT sptd.sys ZwQueryKey [0xB7EC4418]
SSDT sptd.sys ZwQueryValueKey [0xB7EC4298]
SSDT sptd.sys ZwSetValueKey [0xB7EC44AA]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B7D01E8
Device \FileSystem\Fastfat \FatCdrom 8B5D2538

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBPDO-0 8B4F63E8
Device \Driver\usbehci \Device\USBPDO-1 8B4EF360
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B7D21E8
Device \Driver\dmio \Device\DmControl\DmConfig 8B7D21E8
Device \Driver\dmio \Device\DmControl\DmPnP 8B7D21E8
Device \Driver\dmio \Device\DmControl\DmInfo 8B7D21E8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\PCI_NTPNP4610 \Device\00000057 sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B8421E8
Device \Driver\Cdrom \Device\CdRom0 8B4EC348
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B8421E8
Device \Driver\Cdrom \Device\CdRom1 8B4EC348
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8B8411E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort0 8B8411E8
Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 8B8411E8
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A2A71E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{AE4F0CC8-4E4C-4E25-A8D4-C347FDEEBC80} 8A2A71E8
Device \Driver\NetBT \Device\NetbiosSmb 8A2A71E8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBFDO-0 8B4F63E8
Device \Driver\nvata \Device\0000007a 8B7D11E8
Device \Driver\usbehci \Device\USBFDO-1 8B4EF360
Device \Driver\nvata \Device\NvAta0 8B7D11E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A29F1E8
Device \Driver\nvata \Device\0000007b 8B7D11E8
Device \Driver\nvata \Device\NvAta1 8B7D11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9236AA4-C025-48B0-BFCE-7E0D201F7493} 8A2A71E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A29F1E8
Device \Driver\Ftdisk \Device\FtControl 8B8421E8
Device \Driver\a7a4b9or \Device\Scsi\a7a4b9or1 8B3E01E8
Device \Driver\a7a4b9or \Device\Scsi\a7a4b9or1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\a7a4b9or \Device\Scsi\a7a4b9or1Port4Path0Target0Lun0 8B3E01E8
Device \Driver\a7a4b9or \Device\Scsi\a7a4b9or1Port4Path0Target0Lun0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \FileSystem\Fastfat \Fat 8B5D2538

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8B5B7590

---- EOF - GMER 1.0.15 ----

Malwarebytes' scan found nothing.

Thanks for your help!

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:02:53 PM

Posted 03 August 2009 - 09:26 AM

Hello.

IT seems the rootkit doesn't appear to be active anymore. Probably it was removed but not everything part of it was.

Regarding rootkits and backdoors.

Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Tell me what you want to do.

---

If you wish to continue please, run OTL.

Download and run OTL
  • Download OTL by OldTimer and save it to your desktop.
  • [Double click on the Posted Image icon on your desktop. If you are using Vista, please right-click and select run as administrator
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • It will now begin to scan, please be paitent while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized

Post the logs once it's complete please.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 RedPenumbra

RedPenumbra
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
    •  
  • Local time:02:53 PM

Posted 05 August 2009 - 05:50 PM

===OTL===

OTL logfile created on: 8/5/2009 6:40:42 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Johanan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.82 Gb Available in Paging File | 95.58% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 37.86 Gb Free Space | 16.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 596.17 Gb Total Space | 377.03 Gb Free Space | 63.24% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANONYMOUS
Current User Name: Johanan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/03/02 11:18:26 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2005/02/07 13:07:50 | 00,819,315 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2003/08/18 11:37:10 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/14 14:41:21 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/06/14 14:41:26 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/06/14 14:41:26 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/10/16 21:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/10/30 17:56:33 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2008/10/30 17:56:40 | 00,107,832 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
PRC - [2007/06/27 01:20:16 | 00,010,240 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
PRC - [2009/06/17 17:05:10 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/06/14 14:41:22 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2007/12/31 05:26:49 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/08/19 11:43:48 | 00,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
PRC - [2007/06/28 21:41:56 | 00,352,256 | R--- | M] () -- C:\WINDOWS\713xRMTMon.exe
PRC - [2005/01/20 16:45:34 | 00,639,080 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\WLTRAY.exe
PRC - [2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/06/10 12:56:30 | 01,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2007/10/14 22:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2008/07/24 19:46:10 | 00,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/11/06 12:41:14 | 00,358,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
PRC - [2008/11/06 12:21:42 | 01,548,296 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2008/11/06 12:39:46 | 02,816,520 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2003/08/19 12:00:40 | 00,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2009/06/14 14:41:22 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2004/08/03 19:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2007/10/25 11:57:56 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/10/16 21:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/02/25 13:55:00 | 02,781,184 | ---- | M] () -- C:\Program Files\RivaTuner v2.24\RivaTuner.exe
PRC - [2008/06/10 12:56:28 | 00,447,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2007/10/14 21:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2008/11/06 12:21:14 | 00,676,360 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
PRC - [2008/11/06 12:21:24 | 00,523,784 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2008/11/06 12:21:32 | 00,526,856 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2008/11/06 12:22:12 | 00,473,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2008/11/06 12:22:22 | 00,498,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
PRC - [2007/10/19 21:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2007/10/19 21:46:08 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/11/02 21:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/06/11 10:00:04 | 32,018,432 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
PRC - [2009/07/23 10:54:41 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/01 13:25:30 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johanan\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/06/17 17:05:10 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/06/14 14:41:21 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2004/08/03 19:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/11/06 22:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/11/06 22:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2003/08/18 11:37:10 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2006/11/08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/11/08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/10/30 17:56:33 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2008/10/30 17:56:40 | 00,107,832 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2007/06/27 01:20:16 | 00,010,240 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe -- (TTFixerService [Auto | Running])
SRV - [2005/03/02 11:18:26 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/06/28 21:42:02 | 00,279,552 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\System32\DRIVERS\SAA713x.sys -- (713xTVCard [Auto | Stopped])
DRV - [2008/04/13 12:01:31 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2008/09/20 06:44:11 | 00,099,648 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2008/06/07 00:47:13 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009/07/20 10:29:49 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/17 17:05:14 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/06/14 14:41:40 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2004/12/22 02:32:12 | 00,369,024 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Stopped])
DRV - [2008/12/08 10:30:22 | 00,028,672 | ---- | M] (MICRO-STAR INT'L CO., LTD.) -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter [On_Demand | Running])
DRV - [2008/07/21 08:11:58 | 00,024,392 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/04/03 15:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2008/02/09 19:00:05 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2007/12/31 05:26:55 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/10/30 05:25:53 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2007/10/30 05:25:54 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2007/10/30 05:25:55 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2007/11/01 14:38:56 | 04,620,288 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/02/29 03:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2008/02/29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2007/03/20 11:33:26 | 00,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys -- (libusb0 [On_Demand | Running])
DRV - [2008/06/07 00:47:13 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008/07/24 19:46:12 | 00,012,856 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo [Auto | Running])
DRV - [2008/07/24 19:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys -- (lmimirr [On_Demand | Running])
DRV - [2008/10/16 21:35:58 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP [Disabled | Stopped])
DRV - [2008/07/24 19:46:10 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver [Auto | Running])
DRV - [2008/02/29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2008/02/29 03:13:46 | 00,028,944 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys -- (LUsbFilt [On_Demand | Running])
DRV - [2004/08/12 22:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2009/07/14 14:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/04/24 05:52:28 | 00,100,736 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2007/10/12 04:15:08 | 00,054,144 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2007/10/12 04:15:10 | 00,022,016 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2004/09/07 16:42:02 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50 [On_Demand | Stopped])
DRV - [2008/10/06 16:42:57 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/01/04 17:58:46 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/07/24 19:45:20 | 00,012,192 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\radpms.sys -- (radpms [On_Demand | Stopped])
DRV - [2009/02/25 13:55:00 | 00,009,088 | ---- | M] () -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Running])
DRV - [2007/12/31 05:28:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2006/09/24 09:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008/01/19 22:17:17 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/09/10 16:45:18 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/03 18:04:34 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2007/06/28 21:42:02 | 00,025,984 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\System32\drivers\WDMTuner.sys -- (WDMTVTuner [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1005\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1005\S-1-5-21-1491950412-2009852829-4049741679-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.20
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.395
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.7.7
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.0
FF - prefs.js..extensions.enabledItems: {89f8dde0-010a-11da-8cd6-0800200c9a66}:1.0.0.16
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:2.95

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/17 17:05:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/23 10:54:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/30 13:01:29 | 00,000,000 | ---D | M]

[2009/05/30 12:02:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Extensions
[2008/09/11 15:15:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/30 12:02:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/08/02 17:54:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions
[2009/06/18 14:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/07/31 17:19:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/10/16 21:19:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/06/03 12:09:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/06/18 14:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2008/12/10 22:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}
[2009/07/20 16:12:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/03/23 16:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\ctrl-tab@design-noir.de
[2008/11/24 18:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\LogMeInClient@logmein.com
[2009/03/28 13:59:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\moveplayer@movenetworks.com
[2009/07/13 22:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\piclens@cooliris.com
[2009/07/13 22:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\piclens@cooliris.com-trash
[2008/12/29 15:55:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\redshift_V2@shift-themes.com
[2008/12/29 16:00:34 | 00,001,504 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\imdb.xml
[2009/06/10 11:49:18 | 00,002,006 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\urban-dictionary.xml
[2008/12/29 16:00:56 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\weathercom.xml
[2008/09/11 15:36:40 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\webster.xml
[2008/09/11 15:36:42 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\wikipedia-en.xml
[2008/02/13 22:25:37 | 00,002,105 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\youtube-video-search.xml
[2009/08/02 17:54:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/23 10:54:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/04 22:37:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/16 20:34:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/20 14:48:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/23 10:54:41 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/23 10:54:41 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/10/17 14:29:52 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/09/15 20:12:12 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/19 08:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/07/23 10:54:42 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/09/13 19:21:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/12/19 06:13:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/19 06:13:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/19 06:13:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/19 06:13:20 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/19 06:13:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/19 06:13:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LexPPS.exe] C:\WINDOWS\System32\lexpps.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RivaTuner] C:\Program Files\RivaTuner v2.24\RivaTuner.exe ()
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24\RivaTuner.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe ()
O4 - HKLM..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (U.S. Robotics Corporation)
O4 - HKU\S-1-5-19..\Run: [gofisigilo] C:\WINDOWS\System32\guvebosa.DLL File not found
O4 - HKU\S-1-5-20..\Run: [gofisigilo] C:\WINDOWS\System32\nuhufise.DLL File not found
O4 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1005..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1005..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1005..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1229454768968 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1229454486187 (MUWebControl Class)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\System32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (Stardock Corporation)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/13 23:16:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/05 18:40:10 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Johanan\Desktop\OTL.exe
[2009/08/02 18:10:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johanan\Application Data\ImgBurn
[2009/07/30 20:09:05 | 00,000,000 | ---D | C] -- C:\spoolerlogs
[2009/07/30 13:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/07/25 22:15:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009/07/23 10:59:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johanan\My Documents\CAPCOM
[2009/07/23 10:54:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johanan\Local Settings\Application Data\CAPCOM
[2009/07/23 10:46:43 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009/07/23 10:46:43 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009/07/23 10:46:43 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009/07/23 10:46:42 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009/07/23 10:46:42 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009/07/23 10:46:42 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/07/21 20:18:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johanan\Application Data\Google
[2009/07/21 15:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/07/20 20:41:45 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\geyekrnsrqxfuj.dat
[2009/07/20 20:31:40 | 00,003,983 | ---- | C] () -- C:\WINDOWS\System32\geyekrohflovma.dat
[2009/07/20 20:12:32 | 34,881,41312 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/20 19:26:54 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/19 22:16:06 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\geyekrblkayuxc.dat
[2009/07/19 22:06:02 | 00,005,239 | ---- | C] () -- C:\WINDOWS\System32\geyekrfevnrssm.dat
[2009/07/16 17:03:32 | 00,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24
[2009/07/14 13:35:08 | 02,173,472 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcplui.exe
[2009/07/14 13:35:08 | 00,420,384 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.cpl
[2009/07/14 13:35:04 | 00,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2009/07/14 13:35:00 | 04,026,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvitvs.dll
[2009/07/14 13:35:00 | 03,170,304 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwss.dll
[2009/07/14 13:34:58 | 13,877,248 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2009/07/14 13:34:58 | 04,923,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdisps.dll
[2009/07/14 13:34:58 | 03,547,136 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgames.dll
[2009/07/14 13:34:58 | 01,286,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmobls.dll
[2009/07/14 13:34:58 | 00,243,457 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2009/07/14 13:34:58 | 00,188,416 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccss.dll
[2009/07/14 13:34:58 | 00,168,004 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
[2009/07/14 13:34:58 | 00,143,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2009/07/14 13:34:58 | 00,086,016 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2009/07/14 13:34:58 | 00,066,834 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/07/14 13:34:56 | 00,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2009/07/14 13:09:32 | 00,046,784 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\vlcsnap-5201553.jpg
[2009/06/28 22:32:39 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/22 00:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/02/28 14:25:41 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/30 12:59:57 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/30 12:59:57 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/07 14:33:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/15 20:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 20:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/15 20:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/15 20:11:10 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/07 00:47:13 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/06/07 00:47:13 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/06/06 22:32:24 | 00,015,498 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/06/06 22:09:20 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/06/06 22:09:20 | 00,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/06/06 21:59:07 | 00,015,746 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/06/06 21:58:45 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/06/06 21:58:29 | 00,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/04/13 12:01:13 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\Cylon.dll
[2008/04/13 12:01:13 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\usrnicvw.dll
[2008/04/13 12:01:12 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/03/26 17:02:17 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/03/22 12:18:28 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/03/16 14:11:52 | 00,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/15 16:31:08 | 00,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2008/03/15 16:27:53 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2008/03/15 16:24:13 | 00,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2008/02/24 20:04:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/02/16 22:35:15 | 00,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/02/13 20:47:36 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/02/10 20:09:06 | 00,000,171 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/02/10 20:08:55 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2008/02/10 20:08:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2008/02/10 20:08:49 | 00,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2008/02/03 23:10:24 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/02/03 23:10:24 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/02/03 23:10:24 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/02/03 14:46:45 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/01/22 21:12:22 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2008/01/22 21:02:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/22 19:01:16 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/01/19 22:17:16 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/01/13 23:36:02 | 00,000,137 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2007/07/25 09:24:28 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/10 07:51:48 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2002/10/15 18:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/23 08:00:00 | 00,000,593 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[2009/08/05 18:35:04 | 39,553,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/05 18:35:04 | 00,059,679 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/05 18:33:40 | 00,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/08/05 17:10:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/05 17:10:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/05 17:10:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/05 17:10:44 | 34,881,41312 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/04 20:23:06 | 03,709,912 | -H-- | M] () -- C:\Documents and Settings\Johanan\Local Settings\Application Data\IconCache.db
[2009/08/02 16:13:39 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Johanan\Desktop\iTunes.lnk
[2009/08/01 18:41:11 | 00,230,912 | ---- | M] () -- C:\Documents and Settings\Johanan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/01 13:25:30 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johanan\Desktop\OTL.exe
[2009/08/01 10:05:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/25 17:25:22 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\mimokudu
[2009/07/21 11:02:57 | 00,003,983 | ---- | M] () -- C:\WINDOWS\System32\geyekrohflovma.dat
[2009/07/21 11:02:57 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\geyekrnsrqxfuj.dat
[2009/07/20 16:57:32 | 00,005,239 | ---- | M] () -- C:\WINDOWS\System32\geyekrfevnrssm.dat
[2009/07/20 16:57:32 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\geyekrblkayuxc.dat
[2009/07/20 10:29:49 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/14 14:54:00 | 10,457,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2009/07/14 14:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2009/07/14 14:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2009/07/14 14:54:00 | 05,842,816 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009/07/14 14:54:00 | 02,189,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2009/07/14 14:54:00 | 02,002,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2009/07/14 14:54:00 | 01,706,528 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2009/07/14 14:54:00 | 01,597,690 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2009/07/14 14:54:00 | 00,868,352 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2009/07/14 14:54:00 | 00,485,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2009/07/14 14:54:00 | 00,151,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2009/07/14 14:54:00 | 00,151,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2009/07/14 14:54:00 | 00,019,495 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/07/14 13:35:08 | 02,173,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcplui.exe
[2009/07/14 13:35:08 | 00,420,384 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.cpl
[2009/07/14 13:35:04 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2009/07/14 13:35:00 | 04,026,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvitvs.dll
[2009/07/14 13:35:00 | 03,170,304 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwss.dll
[2009/07/14 13:34:58 | 13,877,248 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2009/07/14 13:34:58 | 04,923,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdisps.dll
[2009/07/14 13:34:58 | 03,547,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgames.dll
[2009/07/14 13:34:58 | 01,286,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmobls.dll
[2009/07/14 13:34:58 | 00,188,416 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccss.dll
[2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
[2009/07/14 13:34:58 | 00,143,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2009/07/14 13:34:58 | 00,086,016 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2009/07/14 13:34:58 | 00,066,834 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/07/14 13:34:56 | 00,229,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2009/07/13 17:32:49 | 00,020,456 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/10 07:01:34 | 00,485,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
< End of report >

===Extras===

OTL Extras logfile created on: 8/5/2009 6:40:42 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Johanan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.82 Gb Available in Paging File | 95.58% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 37.86 Gb Free Space | 16.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 596.17 Gb Total Space | 377.03 Gb Free Space | 63.24% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANONYMOUS
Current User Name: Johanan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"13003:TCP" = 13003:TCP:*:Enabled:uTorrent Port
"13003:UDP" = 13003:UDP:*:Enabled:uTorrent Port
"6112:TCP" = 6112:TCP:*:Enabled:Warcraft 3 Hosting
"6112:UDP" = 6112:UDP:*:Enabled:Warcraft 3 Hosting

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"C:\Program Files\Diablo II\Loader 1.11b.exe" = C:\Program Files\Diablo II\Loader 1.11b.exe:*:Enabled:Diablo II -- (Tsinghua Unversity)
"C:\Program Files\Steam\steamapps\the_cancer\source sdk base\hl2.exe" = C:\Program Files\Steam\steamapps\the_cancer\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe" = C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London -- (Flagship Studios)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Steam\steamapps\the_cancer\half-life\hl.exe" = C:\Program Files\Steam\steamapps\the_cancer\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Liquid Entertainment\War of the Ring™\Rings.exe" = C:\Program Files\Liquid Entertainment\War of the Ring™\Rings.exe:*:Enabled:Rings -- File not found
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe" = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 -- ()
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe" = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update -- (Ubisoft)
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II -- (*DEV!ANCE*)
"C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat" = C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king -- (Electronic Arts Inc.)
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™ -- ()
"C:\Program Files\Mass Effect\MassEffectLauncher.exe" = C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe" = C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe" = C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe" = C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™ -- (EA Digital Illusions CE AB)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\SilkroadAddiction ecSRO\SilkErrSender.exe" = C:\Program Files\SilkroadAddiction ecSRO\SilkErrSender.exe:*:Enabled:FTPSender MFC ?? ???? -- ()
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\Electronic Arts\The Lord of the Rings - Conquest™\Conquest.exe" = C:\Program Files\Electronic Arts\The Lord of the Rings - Conquest™\Conquest.exe:*:Enabled:Game -- (Electronic Arts Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Left4Dead\hl2.exe" = C:\Program Files\Left4Dead\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Activision\Prototype\prototypef.exe" = C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype™ -- (Activision)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Left4Dead\left4dead.exe" = C:\Program Files\Left4Dead\left4dead.exe:*:Enabled:left4dead -- ()
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"E:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe" = E:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\logonuiX.exe" = C:\WINDOWS\system32\logonuiX.exe:*:Enabled:logonuiX -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{366E24C6-9097-4F63-BF42-3F3EF356A960}" = Photosynth 2.0.1519.16
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3EDFFD11-B9AB-4296-9757-B5AF1F2B8E5C}" = Beyond TV DVD Burning Foundation
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{628C3D50-F524-4C49-A958-672CE7953756}" = The Lord of the Rings - Conquest™
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676B241C-AED4-400B-98FF-267773B94B11}_is1" = QuickFreedom 1.2.0
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E}" = The Lord of the Rings, The Rise of the Witch-king
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth ™
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9B5B156B-9A4B-48FB-AA59-47B221495A7B}" = Logitech GamePanel Software 3.01
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D8C2C5B1-1A88-4B87-9116-59D082B1CE30}" = Visual Studio 2005 Redist Package
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DDD1C561-974F-4D4A-ABBC-507005193CDB}_is1" = SRA ecSRO
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FF940279-F775-4FA8-98CD-9F0B36FCEA60}_is1" = Frets on Fire MFH Mod v3.000
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"Armadillo Run_is1" = Armadillo Run Version 1.0.1
"AutoGK" = Auto Gordian Knot 2.45
"AVG8Uninstall" = AVG Free 8.5
"AviSynth" = AviSynth 2.5
"BootSkin" = BootSkin
"Catechumen" = Catechumen
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"Diablo II" = Diablo II
"DualCoreCenter_is1" = DualCoreCenter
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.9.11
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"Guild Wars" = Guild Wars
"Hamachi" = Hamachi 1.0.3.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Left 4 Dead_is1" = Left 4 Dead v1.0.0.5
"Lexmark X1100 Series" = Lexmark X1100 Series
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.1
"LimeWire" = LimeWire 5.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"Natural Mod" = Natural Mod
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"OpenAL" = OpenAL
"PE Builder_is1" = PE Builder 3.1.10a
"Plants vs. Zombies" = Plants vs. Zombies
"PSP Video 9" = PSP Video 9 2.25
"PunkBusterSvc" = PunkBuster Services
"Registry Mechanic_is1" = Registry Mechanic 7.0
"RivaTuner" = RivaTuner v2.24
"Shop for HP Supplies" = Shop for HP Supplies
"SpeedFan" = SpeedFan (remove only)
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 70" = Half-Life
"SystemRequirementsLab" = System Requirements Lab
"ToolTipFixer" = ToolTipFixer 1.0.1
"Trillian" = Trillian
"U.S. Robotics Wireless MAXg Adapter" = U.S. Robotics Wireless MAXg Adapter
"VLC media player" = VLC media player 0.9.4
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WindowBlinds" = WindowBlinds
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2009 2:21:26 PM | Computer Name = ANONYMOUS | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 8/3/2009 2:27:26 PM | Computer Name = ANONYMOUS | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 8/3/2009 3:02:02 PM | Computer Name = ANONYMOUS | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 8/4/2009 7:51:21 PM | Computer Name = ANONYMOUS | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 8/4/2009 7:51:21 PM | Computer Name = ANONYMOUS | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 8/4/2009 7:51:21 PM | Computer Name = ANONYMOUS | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 8/5/2009 5:11:29 PM | Computer Name = ANONYMOUS | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 8/5/2009 5:12:51 PM | Computer Name = ANONYMOUS | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 8/5/2009 5:12:52 PM | Computer Name = ANONYMOUS | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 8/5/2009 6:33:37 PM | Computer Name = ANONYMOUS | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

[ System Events ]
Error - 8/2/2009 11:27:47 AM | Computer Name = ANONYMOUS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 7A79059E9F98. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 8/3/2009 7:34:19 AM | Computer Name = ANONYMOUS | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 5.158.159.152 on
the Network Card with network address 7A79059E9F98.

Error - 8/3/2009 7:34:28 AM | Computer Name = ANONYMOUS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 7A79059E9F98. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 8/3/2009 1:47:49 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 8/4/2009 7:51:12 PM | Computer Name = ANONYMOUS | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 5.158.159.152 on
the Network Card with network address 7A79059E9F98.

Error - 8/5/2009 5:12:31 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The SAA7130 TV Card service failed to start due to the following error:
%%1058

Error - 8/5/2009 5:12:31 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The Universal WDM TV Tuner service failed to start due to the following
error: %%1058

Error - 8/5/2009 5:12:50 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/5/2009 6:33:13 PM | Computer Name = ANONYMOUS | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 5.158.159.152 on
the Network Card with network address 7A79059E9F98.

Error - 8/5/2009 6:33:15 PM | Computer Name = ANONYMOUS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 7A79059E9F98. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >

Thanks for your help and the time you all put into this.

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:02:53 PM

Posted 05 August 2009 - 09:13 PM

Hello.

Backup your Registry First!

Backup Registry with ERUNT

This tool will create a complete backup of your registry. A backup is created to ensure we have backup so encase anything goes wrong we can deal with it. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

---

Run Script with OTL
  • Please reopen Posted Image on your desktop.If you are using Vista, please right-click and select run as administrator
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
O4 - HKU\S-1-5-19..\Run: [gofisigilo] C:\WINDOWS\System32\guvebosa.DLL File not found
O4 - HKU\S-1-5-20..\Run: [gofisigilo] C:\WINDOWS\System32\nuhufise.DLL File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
:Files
C:\WINDOWS\System32\geyekrnsrqxfuj.dat
C:\WINDOWS\System32\geyekrohflovma.dat
C:\WINDOWS\System32\geyekrblkayuxc.dat
C:\WINDOWS\System32\geyekrfevnrssm.dat
C:\WINDOWS\System32\mimokudu
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\drivers\svchost.exe"=-
:commands
[EmptyTemp]
[Reboot]
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
Note:If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will in the following format: xxxxxxxx_xxxxxx. x representing the month, date, year and time the log was created. Eg: 03062009_170403

Please post a new OTL log afterwards by running OTL again.

How is your computer still running? Any more re-directs/symptoms?

Post back with:
-OTL FIX log
-OTL SCAN log

~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 RedPenumbra

RedPenumbra
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
    •  
  • Local time:02:53 PM

Posted 05 August 2009 - 09:32 PM

Thanks for the quick reply!

===OTL Fix Log===

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\gofisigilo deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\gofisigilo deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\0aMCPClient deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}\ not found.
========== FILES ==========
C:\WINDOWS\System32\geyekrnsrqxfuj.dat moved successfully.
C:\WINDOWS\System32\geyekrohflovma.dat moved successfully.
C:\WINDOWS\System32\geyekrblkayuxc.dat moved successfully.
C:\WINDOWS\System32\geyekrfevnrssm.dat moved successfully.
C:\WINDOWS\System32\mimokudu moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\drivers\svchost.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Everyone Else
->Temp folder emptied: 10195441 bytes
->Temporary Internet Files folder emptied: 42352706 bytes
->Java cache emptied: 2342853 bytes
->FireFox cache emptied: 109756792 bytes

User: Johanan
->Temp folder emptied: 47191148 bytes
->Temporary Internet Files folder emptied: 35064726 bytes
->Java cache emptied: 21987210 bytes
->FireFox cache emptied: 139671883 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully.
C:\WINDOWS\NV14643160.TMP folder deleted successfully.
C:\WINDOWS\NV18563912.TMP folder deleted successfully.
C:\WINDOWS\NV24082136.TMP folder deleted successfully.
C:\WINDOWS\NV29881956.TMP folder deleted successfully.
C:\WINDOWS\NV30963656.TMP folder deleted successfully.
C:\WINDOWS\NV33044040.TMP folder deleted successfully.
C:\WINDOWS\NV7121168.TMP folder deleted successfully.
C:\WINDOWS\NV7521052.TMP folder deleted successfully.
C:\WINDOWS\NV880912.TMP folder deleted successfully.
C:\WINDOWS\NV8843448.TMP folder deleted successfully.
%systemroot% .tmp files removed: 14937277 bytes
%systemroot%\System32 .tmp files removed: 859665 bytes
Windows Temp folder emptied: 13057986 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 417.19 mb


OTL by OldTimer - Version 3.0.10.4 log created on 08052009_221824

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

===OTL Scan Log===

OTL logfile created on: 8/5/2009 10:25:42 PM - Run 2
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Johanan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 38.17 Gb Free Space | 16.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 596.17 Gb Total Space | 375.91 Gb Free Space | 63.05% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANONYMOUS
Current User Name: Johanan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/03/02 11:18:26 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2005/02/07 13:07:50 | 00,819,315 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2003/08/18 11:37:10 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2003/08/18 11:32:56 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2007/12/31 05:26:49 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/14 14:41:21 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/10/16 21:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/06/14 14:41:26 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/06/14 14:41:26 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/10/30 17:56:33 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2008/10/30 17:56:40 | 00,107,832 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
PRC - [2003/08/19 11:43:48 | 00,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
PRC - [2007/06/28 21:41:56 | 00,352,256 | R--- | M] () -- C:\WINDOWS\713xRMTMon.exe
PRC - [2005/01/20 16:45:34 | 00,639,080 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\WLTRAY.exe
PRC - [2003/08/19 12:00:40 | 00,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/06/10 12:56:30 | 01,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2007/10/14 22:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2008/07/24 19:46:10 | 00,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/11/06 12:41:14 | 00,358,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
PRC - [2008/11/06 12:21:42 | 01,548,296 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2008/11/06 12:39:46 | 02,816,520 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2009/06/14 14:41:22 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/10/25 11:57:56 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/02/25 13:55:00 | 02,781,184 | ---- | M] () -- C:\Program Files\RivaTuner v2.24\RivaTuner.exe
PRC - [2008/10/16 21:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/06/10 12:56:28 | 00,447,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2007/06/27 01:20:16 | 00,010,240 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
PRC - [2008/11/06 12:21:14 | 00,676,360 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
PRC - [2008/11/06 12:21:24 | 00,523,784 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2008/11/06 12:21:32 | 00,526,856 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2008/11/06 12:22:12 | 00,473,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2008/11/06 12:22:22 | 00,498,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
PRC - [2007/10/14 21:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/06/17 17:05:10 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/06/14 14:41:22 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/06/11 10:00:04 | 32,018,432 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
PRC - [2008/05/02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/08/03 19:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2007/10/19 21:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2007/10/19 21:46:08 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/11/02 21:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/07/30 07:26:38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/01 13:25:30 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johanan\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/06/17 17:05:10 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/06/14 14:41:21 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/03 19:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/11/06 22:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/11/06 22:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2003/08/18 11:37:10 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2006/11/08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/11/08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/10/30 17:56:33 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2008/10/30 17:56:40 | 00,107,832 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2007/06/27 01:20:16 | 00,010,240 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe -- (TTFixerService [Auto | Running])
SRV - [2005/03/02 11:18:26 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/06/28 21:42:02 | 00,279,552 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\System32\DRIVERS\SAA713x.sys -- (713xTVCard [Auto | Stopped])
DRV - [2008/04/13 12:01:31 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2008/09/20 06:44:11 | 00,099,648 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2008/06/07 00:47:13 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009/07/20 10:29:49 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/17 17:05:14 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/06/14 14:41:40 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2004/12/22 02:32:12 | 00,369,024 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Stopped])
DRV - [2008/12/08 10:30:22 | 00,028,672 | ---- | M] (MICRO-STAR INT'L CO., LTD.) -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter [On_Demand | Running])
DRV - [2008/07/21 08:11:58 | 00,024,392 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/04/03 15:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2008/02/09 19:00:05 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2007/12/31 05:26:55 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/10/30 05:25:53 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2007/10/30 05:25:54 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2007/10/30 05:25:55 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2007/11/01 14:38:56 | 04,620,288 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/02/29 03:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2008/02/29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2007/03/20 11:33:26 | 00,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys -- (libusb0 [On_Demand | Running])
DRV - [2008/06/07 00:47:13 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008/07/24 19:46:12 | 00,012,856 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo [Auto | Running])
DRV - [2008/07/24 19:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys -- (lmimirr [On_Demand | Running])
DRV - [2008/10/16 21:35:58 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP [Disabled | Stopped])
DRV - [2008/07/24 19:46:10 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver [Auto | Running])
DRV - [2008/02/29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2008/02/29 03:13:46 | 00,028,944 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys -- (LUsbFilt [On_Demand | Running])
DRV - [2004/08/12 22:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2009/07/14 14:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/04/24 05:52:28 | 00,100,736 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2007/10/12 04:15:08 | 00,054,144 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2007/10/12 04:15:10 | 00,022,016 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2004/09/07 16:42:02 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50 [On_Demand | Stopped])
DRV - [2008/10/06 16:42:57 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/01/04 17:58:46 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/07/24 19:45:20 | 00,012,192 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\radpms.sys -- (radpms [On_Demand | Stopped])
DRV - [2009/02/25 13:55:00 | 00,009,088 | ---- | M] () -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Running])
DRV - [2007/12/31 05:28:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2006/09/24 09:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008/01/19 22:17:17 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/09/10 16:45:18 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/03 18:04:34 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2007/06/28 21:42:02 | 00,025,984 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\System32\drivers\WDMTuner.sys -- (WDMTVTuner [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.20
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.7.7
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.0
FF - prefs.js..extensions.enabledItems: {89f8dde0-010a-11da-8cd6-0800200c9a66}:1.0.0.16
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/17 17:05:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 19:51:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/05 19:51:51 | 00,000,000 | ---D | M]

[2009/05/30 12:02:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Extensions
[2008/09/11 15:15:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/30 12:02:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/08/05 19:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions
[2009/06/18 14:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/07/31 17:19:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/10/16 21:19:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/06/03 12:09:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/06/18 14:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2008/12/10 22:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}
[2009/07/20 16:12:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/03/23 16:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\ctrl-tab@design-noir.de
[2008/11/24 18:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\LogMeInClient@logmein.com
[2009/03/28 13:59:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\moveplayer@movenetworks.com
[2009/07/13 22:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\piclens@cooliris.com
[2009/07/13 22:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\piclens@cooliris.com-trash
[2008/12/29 15:55:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\redshift_V2@shift-themes.com
[2008/12/29 16:00:34 | 00,001,504 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\imdb.xml
[2009/06/10 11:49:18 | 00,002,006 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\urban-dictionary.xml
[2008/12/29 16:00:56 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\weathercom.xml
[2008/09/11 15:36:40 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\webster.xml
[2008/09/11 15:36:42 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\wikipedia-en.xml
[2008/02/13 22:25:37 | 00,002,105 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\youtube-video-search.xml
[2009/08/05 18:44:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 19:51:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/04 22:37:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/16 20:34:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/20 14:48:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/30 07:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 07:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/10/17 14:29:52 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/09/15 20:12:12 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/19 08:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/07/30 07:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/09/13 19:21:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 03:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RivaTuner] C:\Program Files\RivaTuner v2.24\RivaTuner.exe ()
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24\RivaTuner.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe ()
O4 - HKLM..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (U.S. Robotics Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Johanan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1229454768968 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1229454486187 (MUWebControl Class)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\System32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (Stardock Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/13 23:16:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/05 22:18:24 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/05 22:16:46 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Johanan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/05 22:16:45 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Johanan\Desktop\ERUNT.lnk
[2009/08/05 22:16:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/05 22:14:33 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Johanan\Desktop\erunt-setup.exe
[2009/08/05 18:40:10 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Johanan\Desktop\OTL.exe
[2009/08/02 18:10:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johanan\Application Data\ImgBurn
[2009/07/30 20:09:05 | 00,000,000 | ---D | C] -- C:\spoolerlogs
[2009/07/30 13:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/07/25 22:15:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009/07/23 10:59:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johanan\My Documents\CAPCOM
[2009/07/23 10:54:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johanan\Local Settings\Application Data\CAPCOM
[2009/07/23 10:46:43 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009/07/23 10:46:43 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009/07/23 10:46:43 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009/07/23 10:46:42 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009/07/23 10:46:42 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009/07/23 10:46:42 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/07/21 20:18:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johanan\Application Data\Google
[2009/07/21 15:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/07/20 20:12:32 | 34,881,41312 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/20 19:26:54 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/16 17:03:32 | 00,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24
[2009/07/14 13:35:08 | 02,173,472 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcplui.exe
[2009/07/14 13:35:08 | 00,420,384 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.cpl
[2009/07/14 13:35:04 | 00,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2009/07/14 13:35:00 | 04,026,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvitvs.dll
[2009/07/14 13:35:00 | 03,170,304 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwss.dll
[2009/07/14 13:34:58 | 13,877,248 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2009/07/14 13:34:58 | 04,923,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdisps.dll
[2009/07/14 13:34:58 | 03,547,136 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgames.dll
[2009/07/14 13:34:58 | 01,286,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmobls.dll
[2009/07/14 13:34:58 | 00,243,457 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2009/07/14 13:34:58 | 00,188,416 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccss.dll
[2009/07/14 13:34:58 | 00,168,004 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
[2009/07/14 13:34:58 | 00,143,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2009/07/14 13:34:58 | 00,086,016 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2009/07/14 13:34:58 | 00,066,834 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/07/14 13:34:56 | 00,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2009/07/14 13:09:32 | 00,046,784 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\vlcsnap-5201553.jpg
[2009/06/28 22:32:39 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/22 00:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/02/28 14:25:41 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/30 12:59:57 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/30 12:59:57 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/07 14:33:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/15 20:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 20:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/15 20:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/15 20:11:10 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/07 00:47:13 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/06/07 00:47:13 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/06/06 22:32:24 | 00,015,498 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/06/06 22:09:20 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/06/06 22:09:20 | 00,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/06/06 21:59:07 | 00,015,746 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/06/06 21:58:45 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/06/06 21:58:29 | 00,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/04/13 12:01:13 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\Cylon.dll
[2008/04/13 12:01:13 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\usrnicvw.dll
[2008/04/13 12:01:12 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/03/26 17:02:17 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/03/22 12:18:28 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/03/16 14:11:52 | 00,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/15 16:31:08 | 00,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2008/03/15 16:27:53 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2008/03/15 16:24:13 | 00,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2008/02/24 20:04:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/02/16 22:35:15 | 00,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/02/13 20:47:36 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/02/10 20:09:06 | 00,000,171 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/02/10 20:08:55 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2008/02/10 20:08:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2008/02/10 20:08:49 | 00,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2008/02/03 23:10:24 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/02/03 23:10:24 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/02/03 23:10:24 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/02/03 14:46:45 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/01/22 21:12:22 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2008/01/22 21:02:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/22 19:01:16 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/01/19 22:17:16 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/01/13 23:36:02 | 00,000,137 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2007/07/25 09:24:28 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/10 07:51:48 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2002/10/15 18:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/23 08:00:00 | 00,000,593 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[2009/08/05 22:20:31 | 00,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/08/05 22:20:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/05 22:20:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/05 22:20:04 | 34,881,41312 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/05 22:16:46 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Johanan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/05 22:16:45 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Johanan\Desktop\ERUNT.lnk
[2009/08/05 20:46:19 | 00,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2009/08/05 19:51:53 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2009/08/05 18:35:04 | 39,553,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/05 18:35:04 | 00,059,679 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/05 17:10:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/04 20:23:06 | 03,709,912 | -H-- | M] () -- C:\Documents and Settings\Johanan\Local Settings\Application Data\IconCache.db
[2009/08/02 16:13:39 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Johanan\Desktop\iTunes.lnk
[2009/08/01 18:41:11 | 00,230,912 | ---- | M] () -- C:\Documents and Settings\Johanan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/01 13:25:30 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johanan\Desktop\OTL.exe
[2009/08/01 10:05:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/20 10:29:49 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/14 14:54:00 | 10,457,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2009/07/14 14:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2009/07/14 14:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2009/07/14 14:54:00 | 05,842,816 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009/07/14 14:54:00 | 02,189,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2009/07/14 14:54:00 | 02,002,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2009/07/14 14:54:00 | 01,706,528 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2009/07/14 14:54:00 | 01,597,690 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2009/07/14 14:54:00 | 00,868,352 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2009/07/14 14:54:00 | 00,485,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2009/07/14 14:54:00 | 00,151,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2009/07/14 14:54:00 | 00,151,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2009/07/14 14:54:00 | 00,019,495 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/07/14 13:35:08 | 02,173,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcplui.exe
[2009/07/14 13:35:08 | 00,420,384 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.cpl
[2009/07/14 13:35:04 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2009/07/14 13:35:00 | 04,026,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvitvs.dll
[2009/07/14 13:35:00 | 03,170,304 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwss.dll
[2009/07/14 13:34:58 | 13,877,248 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2009/07/14 13:34:58 | 04,923,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdisps.dll
[2009/07/14 13:34:58 | 03,547,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgames.dll
[2009/07/14 13:34:58 | 01,286,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmobls.dll
[2009/07/14 13:34:58 | 00,188,416 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccss.dll
[2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
[2009/07/14 13:34:58 | 00,143,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2009/07/14 13:34:58 | 00,086,016 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2009/07/14 13:34:58 | 00,066,834 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/07/14 13:34:56 | 00,229,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2009/07/13 17:32:49 | 00,020,456 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/10 07:01:34 | 00,485,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
< End of report >

Thanks again!

EDIT: Oh, and my system is running much better now. I haven't had any redirects, and it seems to overall be running more smoothly.

Edited by RedPenumbra, 05 August 2009 - 09:34 PM.

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:02:53 PM

Posted 05 August 2009 - 09:52 PM

Hello.

let's run an online scan and see what's left.

Please update your Java to version 6 update 15, if you have not done so already please.

Thanks.

Update Java to Version 6 Update 15

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 15.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner
    page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Please also, re-run OTL afterwards and post back with the log in addition to the Kaspersky log.

Thanks.

~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 RedPenumbra

RedPenumbra
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
    •  
  • Local time:02:53 PM

Posted 06 August 2009 - 10:19 AM

The Kaspersky scan came back clean.

===OTL Scan Log===

OTL logfile created on: 8/6/2009 10:58:19 AM - Run 3
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Johanan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.76 Gb Available in Paging File | 93.98% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 37.91 Gb Free Space | 16.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 596.17 Gb Total Space | 375.87 Gb Free Space | 63.05% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANONYMOUS
Current User Name: Johanan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005/03/02 11:18:26 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2005/02/07 13:07:50 | 00,819,315 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2003/08/18 11:37:10 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2003/08/18 11:32:56 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2007/12/31 05:26:49 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/14 14:41:21 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/10/16 21:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/06/14 14:41:26 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/06/14 14:41:26 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/10/30 17:56:33 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2008/10/30 17:56:40 | 00,107,832 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
PRC - [2003/08/19 11:43:48 | 00,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
PRC - [2007/06/28 21:41:56 | 00,352,256 | R--- | M] () -- C:\WINDOWS\713xRMTMon.exe
PRC - [2005/01/20 16:45:34 | 00,639,080 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\WLTRAY.exe
PRC - [2003/08/19 12:00:40 | 00,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/06/10 12:56:30 | 01,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2007/10/14 22:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2008/07/24 19:46:10 | 00,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/11/06 12:41:14 | 00,358,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
PRC - [2008/11/06 12:21:42 | 01,548,296 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2008/11/06 12:39:46 | 02,816,520 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2009/06/14 14:41:22 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/10/25 11:57:56 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/02/25 13:55:00 | 02,781,184 | ---- | M] () -- C:\Program Files\RivaTuner v2.24\RivaTuner.exe
PRC - [2008/10/16 21:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/06/10 12:56:28 | 00,447,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2007/06/27 01:20:16 | 00,010,240 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
PRC - [2008/11/06 12:21:14 | 00,676,360 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
PRC - [2008/11/06 12:21:24 | 00,523,784 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2008/11/06 12:21:32 | 00,526,856 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2008/11/06 12:22:12 | 00,473,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2008/11/06 12:22:22 | 00,498,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
PRC - [2007/10/14 21:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/06/17 17:05:10 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/06/14 14:41:22 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/06/11 10:00:04 | 32,018,432 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
PRC - [2008/05/02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/08/03 19:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2007/10/19 21:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2007/10/19 21:46:08 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/11/02 21:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/08/05 23:03:51 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/30 07:26:38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/01 13:25:30 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johanan\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/06/17 17:05:10 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/06/14 14:41:21 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/03 19:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/11/06 22:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/11/06 22:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/05 23:03:51 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2003/08/18 11:37:10 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2006/11/08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/11/08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/10/30 17:56:33 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2008/10/30 17:56:40 | 00,107,832 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2007/06/27 01:20:16 | 00,010,240 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe -- (TTFixerService [Auto | Running])
SRV - [2005/03/02 11:18:26 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/06/28 21:42:02 | 00,279,552 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\System32\DRIVERS\SAA713x.sys -- (713xTVCard [Auto | Stopped])
DRV - [2008/04/13 12:01:31 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2008/09/20 06:44:11 | 00,099,648 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2008/06/07 00:47:13 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009/07/20 10:29:49 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/17 17:05:14 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/06/14 14:41:40 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2004/12/22 02:32:12 | 00,369,024 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Stopped])
DRV - [2008/12/08 10:30:22 | 00,028,672 | ---- | M] (MICRO-STAR INT'L CO., LTD.) -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter [On_Demand | Running])
DRV - [2008/07/21 08:11:58 | 00,024,392 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/04/03 15:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2008/02/09 19:00:05 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2007/12/31 05:26:55 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/10/30 05:25:53 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2007/10/30 05:25:54 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2007/10/30 05:25:55 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2007/11/01 14:38:56 | 04,620,288 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/02/29 03:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2008/02/29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2007/03/20 11:33:26 | 00,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys -- (libusb0 [On_Demand | Running])
DRV - [2008/06/07 00:47:13 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008/07/24 19:46:12 | 00,012,856 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo [Auto | Running])
DRV - [2008/07/24 19:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys -- (lmimirr [On_Demand | Running])
DRV - [2008/10/16 21:35:58 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP [Disabled | Stopped])
DRV - [2008/07/24 19:46:10 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver [Auto | Running])
DRV - [2008/02/29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2008/02/29 03:13:46 | 00,028,944 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys -- (LUsbFilt [On_Demand | Running])
DRV - [2004/08/12 22:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2009/07/14 14:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/04/24 05:52:28 | 00,100,736 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2007/10/12 04:15:08 | 00,054,144 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2007/10/12 04:15:10 | 00,022,016 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2004/09/07 16:42:02 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50 [On_Demand | Stopped])
DRV - [2008/10/06 16:42:57 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/01/04 17:58:46 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/07/24 19:45:20 | 00,012,192 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\radpms.sys -- (radpms [On_Demand | Stopped])
DRV - [2009/02/25 13:55:00 | 00,009,088 | ---- | M] () -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Running])
DRV - [2007/12/31 05:28:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2006/09/24 09:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008/01/19 22:17:17 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/09/10 16:45:18 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/03 18:04:34 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2007/06/28 21:42:02 | 00,025,984 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\System32\drivers\WDMTuner.sys -- (WDMTVTuner [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
IE - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.20
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.7.7
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.0
FF - prefs.js..extensions.enabledItems: {89f8dde0-010a-11da-8cd6-0800200c9a66}:1.0.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/17 17:05:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/05 23:03:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 19:51:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/05 19:51:51 | 00,000,000 | ---D | M]

[2009/05/30 12:02:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Extensions
[2008/09/11 15:15:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/30 12:02:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/08/05 23:04:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions
[2009/06/18 14:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/07/31 17:19:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/10/16 21:19:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/06/03 12:09:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/06/18 14:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2008/12/10 22:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}
[2009/07/20 16:12:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/03/23 16:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\ctrl-tab@design-noir.de
[2008/11/24 18:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\LogMeInClient@logmein.com
[2009/03/28 13:59:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\moveplayer@movenetworks.com
[2009/07/13 22:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\piclens@cooliris.com
[2009/07/13 22:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\piclens@cooliris.com-trash
[2008/12/29 15:55:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Johanan\Application Data\mozilla\Firefox\Profiles\4hvepxft.default\extensions\redshift_V2@shift-themes.com
[2008/12/29 16:00:34 | 00,001,504 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\imdb.xml
[2009/06/10 11:49:18 | 00,002,006 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\urban-dictionary.xml
[2008/12/29 16:00:56 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\weathercom.xml
[2008/09/11 15:36:40 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\webster.xml
[2008/09/11 15:36:42 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\wikipedia-en.xml
[2008/02/13 22:25:37 | 00,002,105 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\Mozilla\FireFox\Profiles\4hvepxft.default\searchplugins\youtube-video-search.xml
[2009/08/05 23:04:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 19:51:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/04 22:37:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/16 20:34:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/20 14:48:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/05 23:04:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/07/30 07:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 07:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/05 23:03:51 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/10/17 14:29:52 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/09/15 20:12:12 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/19 08:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/07/30 07:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/09/13 19:21:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/09/13 19:21:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 03:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RivaTuner] C:\Program Files\RivaTuner v2.24\RivaTuner.exe ()
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24\RivaTuner.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe ()
O4 - HKLM..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (U.S. Robotics Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Johanan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-1491950412-2009852829-4049741679-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1229454768968 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1229454486187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\System32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (Stardock Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/13 23:16:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/05 23:04:01 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/05 23:04:00 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/05 23:04:00 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/05 23:04:00 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/05 23:03:47 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/05 22:18:24 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/05 22:16:46 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Johanan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/05 22:16:45 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Johanan\Desktop\ERUNT.lnk
[2009/08/05 22:16:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/05 18:40:10 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Johanan\Desktop\OTL.exe
[2009/08/02 18:10:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johanan\Application Data\ImgBurn
[2009/07/30 20:09:05 | 00,000,000 | ---D | C] -- C:\spoolerlogs
[2009/07/30 13:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/07/25 22:15:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009/07/23 10:59:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johanan\My Documents\CAPCOM
[2009/07/23 10:54:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johanan\Local Settings\Application Data\CAPCOM
[2009/07/23 10:46:43 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009/07/23 10:46:43 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009/07/23 10:46:43 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009/07/23 10:46:42 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009/07/23 10:46:42 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009/07/23 10:46:42 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/07/21 20:18:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johanan\Application Data\Google
[2009/07/21 15:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/07/20 20:12:32 | 34,881,41312 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/20 19:26:54 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/16 17:03:32 | 00,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24
[2009/07/14 13:35:08 | 02,173,472 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcplui.exe
[2009/07/14 13:35:08 | 00,420,384 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.cpl
[2009/07/14 13:35:04 | 00,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2009/07/14 13:35:00 | 04,026,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvitvs.dll
[2009/07/14 13:35:00 | 03,170,304 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwss.dll
[2009/07/14 13:34:58 | 13,877,248 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2009/07/14 13:34:58 | 04,923,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdisps.dll
[2009/07/14 13:34:58 | 03,547,136 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgames.dll
[2009/07/14 13:34:58 | 01,286,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmobls.dll
[2009/07/14 13:34:58 | 00,243,457 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2009/07/14 13:34:58 | 00,188,416 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccss.dll
[2009/07/14 13:34:58 | 00,168,004 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
[2009/07/14 13:34:58 | 00,143,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2009/07/14 13:34:58 | 00,086,016 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2009/07/14 13:34:58 | 00,066,834 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/07/14 13:34:56 | 00,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2009/07/14 13:09:32 | 00,046,784 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\vlcsnap-5201553.jpg
[2009/06/28 22:32:39 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/22 00:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/02/28 14:25:41 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/30 12:59:57 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/30 12:59:57 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/07 14:33:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/15 20:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 20:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/15 20:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/15 20:11:10 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/07 00:47:13 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/06/07 00:47:13 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/06/06 22:32:24 | 00,015,498 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/06/06 22:09:20 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/06/06 22:09:20 | 00,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/06/06 21:59:07 | 00,015,746 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/06/06 21:58:45 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/06/06 21:58:29 | 00,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/06/05 09:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/04/13 12:01:13 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\Cylon.dll
[2008/04/13 12:01:13 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\usrnicvw.dll
[2008/04/13 12:01:12 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/03/26 17:02:17 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/03/22 12:18:28 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/03/16 14:11:52 | 00,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/15 16:31:08 | 00,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2008/03/15 16:27:53 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2008/03/15 16:24:13 | 00,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2008/02/24 20:04:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/02/16 22:35:15 | 00,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/02/13 20:47:36 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/02/10 20:09:06 | 00,000,171 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/02/10 20:08:55 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2008/02/10 20:08:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2008/02/10 20:08:49 | 00,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2008/02/03 23:10:24 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/02/03 23:10:24 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/02/03 23:10:24 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/02/03 14:46:45 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/01/22 21:12:22 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2008/01/22 21:02:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/22 19:01:16 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/01/19 22:17:16 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/01/13 23:36:02 | 00,000,137 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2007/07/25 09:24:28 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/10 07:51:48 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2002/10/15 18:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/23 08:00:00 | 00,000,593 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[2009/08/06 08:59:26 | 39,571,777 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/05 23:03:50 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/05 23:03:50 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/05 23:03:50 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/05 23:03:50 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/05 23:03:50 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/05 22:20:31 | 00,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/08/05 22:20:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/05 22:20:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/05 22:20:04 | 34,881,41312 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/05 22:16:46 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Johanan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/05 22:16:45 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Johanan\Desktop\ERUNT.lnk
[2009/08/05 20:46:19 | 00,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2009/08/05 19:51:53 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2009/08/05 18:35:04 | 00,059,679 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/05 17:10:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/04 20:23:06 | 03,709,912 | -H-- | M] () -- C:\Documents and Settings\Johanan\Local Settings\Application Data\IconCache.db
[2009/08/02 16:13:39 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Johanan\Desktop\iTunes.lnk
[2009/08/01 18:41:11 | 00,230,912 | ---- | M] () -- C:\Documents and Settings\Johanan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/01 13:25:30 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johanan\Desktop\OTL.exe
[2009/08/01 10:05:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/20 10:29:49 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/14 14:54:00 | 10,457,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2009/07/14 14:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2009/07/14 14:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2009/07/14 14:54:00 | 05,842,816 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009/07/14 14:54:00 | 02,189,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2009/07/14 14:54:00 | 02,002,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2009/07/14 14:54:00 | 01,706,528 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2009/07/14 14:54:00 | 01,597,690 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2009/07/14 14:54:00 | 00,868,352 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2009/07/14 14:54:00 | 00,485,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2009/07/14 14:54:00 | 00,151,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2009/07/14 14:54:00 | 00,151,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2009/07/14 14:54:00 | 00,019,495 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/07/14 13:35:08 | 02,173,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcplui.exe
[2009/07/14 13:35:08 | 00,420,384 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.cpl
[2009/07/14 13:35:04 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2009/07/14 13:35:00 | 04,026,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvitvs.dll
[2009/07/14 13:35:00 | 03,170,304 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwss.dll
[2009/07/14 13:34:58 | 13,877,248 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2009/07/14 13:34:58 | 04,923,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdisps.dll
[2009/07/14 13:34:58 | 03,547,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgames.dll
[2009/07/14 13:34:58 | 01,286,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmobls.dll
[2009/07/14 13:34:58 | 00,188,416 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccss.dll
[2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
[2009/07/14 13:34:58 | 00,143,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2009/07/14 13:34:58 | 00,086,016 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2009/07/14 13:34:58 | 00,066,834 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/07/14 13:34:56 | 00,229,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2009/07/13 17:32:49 | 00,020,456 | ---- | M] () -- C:\Documents and Settings\Johanan\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/10 07:01:34 | 00,485,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
< End of report >

Computer still seems to be running great! Thanks again for all your help and time that you put into this.

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:02:53 PM

Posted 06 August 2009 - 12:41 PM

You're welcome.

The scans and logs looks good. We can cleanup now!


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Create a New System Restore Point<- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

System A bit Slow? Try StartupLight

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Congratulations! You now appear clean! :) :thumbup2:
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Vist the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help and thank you for choosing Bleeping Computer as you malware removal source.
Don't forget to tell your friends about us and Good luck :)

If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :cool:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 RedPenumbra

RedPenumbra
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
    •  
  • Local time:02:53 PM

Posted 06 August 2009 - 01:03 PM

No problems here. :thumbup2:

Thanks for all your help!

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:02:53 PM

Posted 06 August 2009 - 09:10 PM

You're very welcome! :thumbup2:

Happy surfing again.

--
Since the problem appears to be resolved, this topic is now Closed. Glad we could help :)
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·