AGprotect Malware.Trace Recurring



#1 David Billo


Posted 27 September 2009 - 06:49 PM

Web browsing access is slow to non-existent, although other things, like Teamspeak, Hyperlobby, multiplayer server, email, FTP, and VNC, seem to work. The exception to that is that logins, for email and VNC, take much longer than usual to come up, but once the login does come up it seems normal.
A MalwareBytes quick scan found and deleted a number of entries, including a registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect

Vendor listed as Malware.Trace

I used MalwareBytes (quick scan) to remove this entry several times, but it keeps returning, along with the sluggish web access.

HijackThis found a BHO with no name, and something called icadabexobedite.dll in startup as well.

I manually deleted from \Windows\system32\ two files named:

Fpimepinukoneji.dat
Vzefa.bin

garmanma, over at "Am I Infected", suspects a rootkit, and it seems the following is the only diagnostic that I could get.
Thanks!

OTL logfile created on: 26/09/2009 6:49:10 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = F:\Documents and Settings\David Billo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.66% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.70% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 39.06 Gb Total Space | 26.25 Gb Free Space | 67.21% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 24.42 Gb Free Space | 16.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 147.24 Gb Total Space | 20.39 Gb Free Space | 13.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 74.50 Gb Total Space | 66.51 Gb Free Space | 89.27% Space Free | Partition Type: NTFS
Drive Y: | 9.52 Gb Total Space | 6.17 Gb Free Space | 64.77% Space Free | Partition Type: NTFS
Drive Z: | 6.04 Gb Total Space | 4.02 Gb Free Space | 66.64% Space Free | Partition Type: NTFS

Computer Name: CHENMING
Current User Name: David Billo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/09/04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/11/06 19:00:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\System32\nvsvc32.exe
PRC - [2008/09/08 12:10:20 | 00,450,560 | ---- | M] () -- F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/09/08 12:09:40 | 00,184,320 | ---- | M] () -- F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Explorer.EXE
PRC - [2007/10/24 23:57:56 | 16,855,552 | R--- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\RTHDCPL.EXE
PRC - [2004/01/08 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- F:\Program Files\Logitech\MouseWare\system\em_exec.exe
PRC - [2006/06/13 05:20:00 | 00,127,036 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/09/28 11:16:52 | 00,151,552 | ---- | M] (Saitek) -- F:\Program Files\Saitek\DirectOutput\DirectOutputManager.exe
PRC - [2006/09/05 09:12:58 | 00,184,320 | ---- | M] (Saitek) -- F:\Program Files\Saitek\Software\ProfilerU.exe
PRC - [2006/09/28 11:19:34 | 00,126,976 | ---- | M] (Saitek) -- F:\Program Files\Saitek\Software\SaiMfd.exe
PRC - [2008/12/19 13:17:24 | 00,333,088 | ---- | M] (Sony Corporation) -- F:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Messenger\msmsgs.exe
PRC - [2008/04/14 05:42:30 | 00,060,416 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Outlook Express\msimn.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/09/26 18:48:27 | 00,514,560 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\David Billo\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/09/08 12:10:20 | 00,450,560 | ---- | M] () -- F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/09/08 12:09:40 | 00,184,320 | ---- | M] () -- F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp [Auto | Running])
SRV - [2007/09/04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- F:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
SRV - [2007/11/06 19:00:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/03/31 23:25:42 | 00,711,248 | ---- | M] (Trend Micro Inc.) -- F:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Stopped])
SRV - [2009/06/13 14:29:11 | 00,341,256 | ---- | M] (Trend Micro Inc.) -- F:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Stopped])
SRV - [2009/03/31 23:26:02 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- F:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [Auto | Stopped])
SRV - [2009/03/31 23:26:06 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- F:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/11/29 00:46:24 | 00,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- F:\WINDOWS\System32\Drivers\APLMp50.sys -- (APLMp50 [On_Demand | Stopped])
DRV - [2006/10/18 15:12:16 | 00,012,664 | R--- | M] () -- F:\WINDOWS\System32\drivers\AsIO.sys -- (AsIO [System | Running])
DRV - [2006/06/13 05:20:00 | 00,025,724 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2006/03/17 08:35:24 | 00,005,660 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2006/06/13 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2006/06/13 05:20:00 | 00,086,844 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2006/06/13 05:20:00 | 00,014,716 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2006/06/13 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2006/03/17 08:34:46 | 00,022,684 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2006/06/13 05:20:00 | 00,094,460 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2006/06/13 05:20:00 | 00,088,476 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2006/06/12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2006/03/17 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2004/07/14 12:54:42 | 00,676,864 | ---- | M] (Aladdin Knowledge Systems) -- F:\WINDOWS\System32\drivers\hardlock.sys -- (Hardlock [Auto | Running])
DRV - [2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- F:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/11/01 02:38:56 | 04,620,288 | R--- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2003/12/17 09:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- F:\WINDOWS\System32\DRIVERS\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])
DRV - [2003/12/17 09:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- F:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
DRV - [2004/08/12 22:56:20 | 00,005,810 | R--- | M] () -- F:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2009/08/28 11:26:42 | 00,024,820 | ---- | M] (MusicMatch, Inc.) -- F:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [Auto | Running])
DRV - [2008/04/14 00:23:10 | 00,040,320 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2007/03/23 18:51:20 | 00,022,816 | ---- | M] (NaturalPoint) -- F:\WINDOWS\System32\DRIVERS\npusb.sys -- (NPUSB [On_Demand | Stopped])
DRV - [2008/01/11 20:21:08 | 00,036,384 | ---- | M] (Thesycon GmbH, Germany) -- F:\WINDOWS\System32\Drivers\npusbio.sys -- (npusbio [On_Demand | Running])
DRV - [2007/11/06 19:00:00 | 07,429,088 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/08/01 12:36:00 | 00,054,784 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2008/08/18 19:54:00 | 00,145,952 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts [Boot | Running])
DRV - [2008/08/01 12:36:00 | 00,022,016 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2007/09/04 19:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) -- F:\WINDOWS\nvoclock.sys -- (NVR0Dev [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- F:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/04 11:22:36 | 00,044,944 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/05/01 16:11:28 | 00,132,232 | ---- | M] (Saitek) -- F:\WINDOWS\System32\DRIVERS\SaiH0255.sys -- (SaiH0255 [On_Demand | Stopped])
DRV - [2007/05/01 16:37:40 | 00,132,232 | ---- | M] (Saitek) -- F:\WINDOWS\System32\DRIVERS\SaiH0464.sys -- (SaiH0464 [On_Demand | Stopped])
DRV - [2006/09/13 07:31:50 | 00,192,000 | R--- | M] (Saitek) -- F:\WINDOWS\System32\DRIVERS\SaiH0762.sys -- (SaiH0762 [On_Demand | Running])
DRV - [2007/10/05 10:19:26 | 00,014,080 | ---- | M] (Saitek) -- F:\WINDOWS\System32\DRIVERS\SaiMini.sys -- (SaiMini [On_Demand | Running])
DRV - [2007/10/05 10:19:26 | 00,035,200 | ---- | M] (Saitek) -- F:\WINDOWS\System32\drivers\SaiBus.sys -- (SaiNtBus [On_Demand | Running])
DRV - [2009/09/15 11:42:46 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/09/15 11:42:48 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- F:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/09/15 11:42:44 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- F:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- F:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/04/02 19:08:54 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- F:\WINDOWS\System32\drivers\tmactmon.sys -- (tmactmon [Auto | Stopped])
DRV - [2009/06/13 14:29:16 | 00,335,376 | ---- | M] (Trend Micro Inc.) -- F:\WINDOWS\System32\DRIVERS\TM_CFW.sys -- (tmcfw [On_Demand | Running])
DRV - [2009/04/02 19:08:48 | 00,153,104 | ---- | M] (Trend Micro Inc.) -- F:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2009/04/02 19:08:52 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- F:\WINDOWS\System32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Stopped])
DRV - [2009/05/22 04:00:40 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- F:\WINDOWS\System32\DRIVERS\tmpreflt.sys -- (tmpreflt [Auto | Running])
DRV - [2009/06/13 14:29:16 | 00,080,400 | ---- | M] (Trend Micro Inc.) -- F:\WINDOWS\System32\DRIVERS\tmtdi.sys -- (tmtdi [System | Running])
DRV - [2009/05/22 04:02:26 | 00,225,296 | ---- | M] (Trend Micro Inc.) -- F:\WINDOWS\System32\DRIVERS\tmxpflt.sys -- (tmxpflt [Auto | Running])
DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2009/05/22 03:45:58 | 01,220,120 | ---- | M] (Trend Micro Inc.) -- F:\WINDOWS\System32\DRIVERS\vsapint.sys -- (vsapint [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1220945662-329068152-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1220945662-329068152-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1220945662-329068152-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1220945662-329068152-839522115-1003\S-1-5-21-1220945662-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 00:14:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: F:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 12:32:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{262CDA81-93B5-43DE-B0DF-1628E8265DC2}: F:\Documents and Settings\David Billo\Local Settings\Application Data\{262CDA81-93B5-43DE-B0DF-1628E8265DC2} [2009/09/22 09:21:12 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - F:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [DirectOutput] F:\Program Files\Saitek\DirectOutput\DirectOutputManager.exe (Saitek)
O4 - HKLM..\Run: [DLA] F:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Logitech Utility] F:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] F:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Profiler] F:\Program Files\Saitek\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [RTHDCPL] F:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SaiMfd] F:\Program Files\Saitek\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] F:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UpdateManager] F:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-1220945662-329068152-839522115-1003..\Run: [NVIDIA nTune] F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: F:\Documents and Settings\David Billo\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = F:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-329068152-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - F:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - F:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1220945662-329068152-839522115-1003\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-1220945662-329068152-839522115-1003\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-1220945662-329068152-839522115-1003\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKU\S-1-5-21-1220945662-329068152-839522115-1003\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1218855998531 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - F:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - F:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - F:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - F:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (F:\WINDOWS\system32\ssqQgddA) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 11:21:32 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/26 12:57:26 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/06 16:16:20 | 00,000,000 | -H-- | M] () - Y:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0759b324-80dd-11de-ac62-001fc6d70feb}\Shell - "" = AutoRun
O33 - MountPoints2\{0759b324-80dd-11de-ac62-001fc6d70feb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0759b324-80dd-11de-ac62-001fc6d70feb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - F:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 F:\WINDOWS\System32\*.tmp files]
[2009/09/26 18:48:26 | 00,514,560 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\David Billo\Desktop\OTL.exe
[2009/09/26 15:25:27 | 00,000,000 | ---D | C] -- F:\Documents and Settings\David Billo\Desktop\New Jets
[2009/09/26 15:08:26 | 00,000,000 | ---D | C] -- F:\Documents and Settings\David Billo\Desktop\Cleanup
[2009/09/23 14:15:35 | 00,000,000 | ---- | C] () -- F:\WINDOWS\nsreg.dat
[2009/09/23 14:15:24 | 00,000,000 | ---D | C] -- F:\Documents and Settings\David Billo\Local Settings\Application Data\Mozilla
[2009/09/23 13:22:42 | 00,000,000 | -H-D | C] -- F:\WINDOWS\System32\GroupPolicy
[2009/09/23 09:54:19 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/09/23 09:54:09 | 00,000,000 | ---D | C] -- F:\Program Files\SUPERAntiSpyware
[2009/09/23 09:54:09 | 00,000,000 | ---D | C] -- F:\Documents and Settings\David Billo\Application Data\SUPERAntiSpyware.com
[2009/09/23 00:50:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/23 00:50:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2009/09/23 00:50:30 | 00,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2009/09/22 09:21:45 | 00,182,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ndis.sys
[2009/09/22 09:21:12 | 00,000,000 | ---D | C] -- F:\Documents and Settings\David Billo\Local Settings\Application Data\{262CDA81-93B5-43DE-B0DF-1628E8265DC2}
[2009/09/17 10:03:22 | 00,419,744 | ---- | C] () -- F:\Documents and Settings\David Billo\Desktop\20081231_Questions.pdf
[2009/09/13 12:30:37 | 00,000,000 | ---D | C] -- F:\Documents and Settings\David Billo\Desktop\Dell Manual
[2009/09/09 11:31:24 | 00,153,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/09 10:42:09 | 00,000,000 | ---D | C] -- F:\Documents and Settings\David Billo\Desktop\Saved1946
[2009/09/06 14:25:14 | 00,000,835 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\No FS.lnk
[2009/09/06 14:25:14 | 00,000,823 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\FS mods.lnk
[2009/08/30 18:24:26 | 00,060,032 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\drivers\USBAUDIO.sys
[2009/08/30 18:24:26 | 00,060,032 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/08/30 18:15:01 | 00,155,648 | ---- | C] () -- F:\WINDOWS\System32\nY.exe
[2009/08/30 18:15:01 | 00,057,344 | ---- | C] (Saitek) -- F:\WINDOWS\System32\SAIGON.dll
[2009/08/30 18:15:01 | 00,045,056 | ---- | C] (Saitek) -- F:\WINDOWS\System32\SAIKICK.dll
[2009/08/30 18:14:07 | 00,004,668 | ---- | C] () -- F:\WINDOWS\System32\SaiC0762-6553A72A-2DD4-44DB-8706-E9E82C888159.pr0
[2009/08/30 18:11:54 | 00,921,600 | R--- | C] () -- F:\WINDOWS\System32\SaiC0762.Dll
[2009/08/30 18:11:54 | 00,192,000 | R--- | C] (Saitek) -- F:\WINDOWS\System32\drivers\SaiH0762.sys
[2009/08/30 18:11:54 | 00,018,342 | R--- | C] () -- F:\WINDOWS\System32\SaiD0762.pr0
[2009/08/30 18:11:54 | 00,008,192 | R--- | C] () -- F:\WINDOWS\System32\SaiC0762_0C.dll
[2009/08/30 18:11:54 | 00,007,680 | R--- | C] () -- F:\WINDOWS\System32\SaiC0762_10.dll
[2009/08/30 18:11:54 | 00,007,680 | R--- | C] () -- F:\WINDOWS\System32\SaiC0762_0A.dll
[2009/08/30 18:11:54 | 00,007,680 | R--- | C] () -- F:\WINDOWS\System32\SaiC0762_07.dll
[2009/08/30 18:11:54 | 00,007,168 | R--- | C] () -- F:\WINDOWS\System32\SaiC0762_09.dll
[2009/08/30 18:11:54 | 00,007,168 | R--- | C] () -- F:\WINDOWS\System32\SaiC0762_0402.dll
[2009/08/30 18:11:54 | 00,005,120 | R--- | C] () -- F:\WINDOWS\System32\SaiC0762_11.dll
[2009/08/30 18:11:54 | 00,000,306 | R--- | C] () -- F:\WINDOWS\System32\SaiC0762.pr0
[2009/08/30 14:07:13 | 00,000,000 | ---D | C] -- F:\Documents and Settings\David Billo\Application Data\dvdcss
[2009/08/28 23:36:27 | 00,000,142 | ---- | C] () -- F:\WINDOWS\temp.rcl
[2009/08/28 23:35:58 | 00,001,787 | ---- | C] () -- F:\WINDOWS\tabled32.ini
[2009/08/28 23:35:04 | 00,000,000 | ---D | C] -- F:\Program Files\TablEdit32
[2009/08/28 12:22:37 | 00,000,000 | ---D | C] -- F:\Documents and Settings\David Billo\Application Data\Roni Music
[2009/08/28 12:22:30 | 00,001,783 | ---- | C] () -- F:\Documents and Settings\David Billo\Desktop\Amazing Slow Downer.lnk
[2009/08/28 12:22:29 | 00,000,000 | ---D | C] -- F:\Program Files\Roni Music
[2009/08/28 11:50:33 | 00,000,000 | ---D | C] -- F:\Program Files\CCleaner
[2009/08/28 11:12:57 | 00,024,820 | ---- | C] (MusicMatch, Inc.) -- F:\WINDOWS\System32\drivers\MxlW2k.sys
[2009/06/27 22:06:59 | 00,000,175 | ---- | C] () -- F:\WINDOWS\wininit.ini
[2009/02/14 16:44:53 | 00,015,498 | ---- | C] () -- F:\WINDOWS\Ascd_tmp.ini
[2008/08/30 14:54:54 | 00,007,680 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll
[2008/08/30 14:54:54 | 00,000,547 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/21 14:51:28 | 00,000,116 | ---- | C] () -- F:\WINDOWS\NeroDigital.ini
[2008/07/24 13:33:27 | 00,000,048 | ---- | C] () -- F:\WINDOWS\wpd99.drv
[2008/07/23 14:45:02 | 00,024,576 | R--- | C] () -- F:\WINDOWS\System32\AsIO.dll
[2008/07/23 14:45:02 | 00,012,664 | R--- | C] () -- F:\WINDOWS\System32\drivers\AsIO.sys
[2008/07/23 14:44:59 | 00,010,304 | ---- | C] () -- F:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/07/23 14:44:58 | 00,012,096 | ---- | C] () -- F:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/07/23 10:58:14 | 00,001,793 | ---- | C] () -- F:\WINDOWS\System32\fxsperf.ini
[2008/07/22 15:05:29 | 00,127,026 | ---- | C] () -- F:\WINDOWS\System32\pdfmona.dll
[2008/07/22 15:05:29 | 00,048,936 | ---- | C] () -- F:\WINDOWS\System32\pdf995mon.dll
[2008/07/22 14:49:43 | 00,002,108 | ---- | C] () -- F:\WINDOWS\DCADWin.Ini
[2008/07/22 13:01:43 | 00,015,739 | ---- | C] () -- F:\WINDOWS\Ascd_log.ini
[2008/07/22 13:00:43 | 00,005,810 | R--- | C] () -- F:\WINDOWS\System32\drivers\ASACPI.sys
[2008/07/22 13:00:30 | 00,012,536 | ---- | C] () -- F:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/11/06 19:00:00 | 01,703,936 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/06 19:00:00 | 01,474,560 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
[2007/11/06 19:00:00 | 01,019,904 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
[2007/11/06 19:00:00 | 00,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
[2007/11/06 19:00:00 | 00,286,720 | ---- | C] () -- F:\WINDOWS\System32\nvnt4cpl.dll
[2007/05/01 16:11:28 | 00,008,704 | ---- | C] () -- F:\WINDOWS\System32\SaiC0255_0C.dll
[2007/05/01 16:11:28 | 00,008,192 | ---- | C] () -- F:\WINDOWS\System32\SaiC0255_10.dll
[2007/05/01 16:11:28 | 00,008,192 | ---- | C] () -- F:\WINDOWS\System32\SaiC0255_0A.dll
[2007/05/01 16:11:28 | 00,007,680 | ---- | C] () -- F:\WINDOWS\System32\SaiC0255_09.dll
[2007/05/01 16:11:28 | 00,005,632 | ---- | C] () -- F:\WINDOWS\System32\SaiC0255_11.dll
[2007/05/01 16:11:26 | 00,847,872 | ---- | C] () -- F:\WINDOWS\System32\SaiC0255.Dll
[2007/05/01 16:11:26 | 00,008,192 | ---- | C] () -- F:\WINDOWS\System32\SaiC0255_07.dll
[2007/05/01 16:11:26 | 00,007,168 | ---- | C] () -- F:\WINDOWS\System32\SaiC0255_0402.dll
[2007/05/01 15:37:40 | 01,970,176 | ---- | C] () -- F:\WINDOWS\System32\SaiC0464.Dll
[2007/05/01 15:37:40 | 00,008,704 | ---- | C] () -- F:\WINDOWS\System32\SaiC0464_0C.dll
[2007/05/01 15:37:40 | 00,008,192 | ---- | C] () -- F:\WINDOWS\System32\SaiC0464_10.dll
[2007/05/01 15:37:40 | 00,008,192 | ---- | C] () -- F:\WINDOWS\System32\SaiC0464_0A.dll
[2007/05/01 15:37:40 | 00,008,192 | ---- | C] () -- F:\WINDOWS\System32\SaiC0464_07.dll
[2007/05/01 15:37:40 | 00,007,680 | ---- | C] () -- F:\WINDOWS\System32\SaiC0464_09.dll
[2007/05/01 15:37:40 | 00,007,168 | ---- | C] () -- F:\WINDOWS\System32\SaiC0464_0402.dll
[2007/05/01 15:37:40 | 00,005,632 | ---- | C] () -- F:\WINDOWS\System32\SaiC0464_11.dll
[2007/03/12 12:01:30 | 00,217,088 | ---- | C] () -- F:\WINDOWS\NVGfxOgl.dll
[2004/09/22 14:47:00 | 00,000,000 | ---- | C] () -- F:\WINDOWS\System32\px.ini
[2004/08/04 08:00:00 | 00,000,604 | ---- | C] () -- F:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- F:\WINDOWS\system.ini
[1997/08/04 00:00:00 | 00,116,736 | ---- | C] () -- F:\WINDOWS\System32\PCDLIB32.DLL

========== Files - Modified Within 30 Days ==========

[2 F:\WINDOWS\System32\*.tmp files]
[6 F:\WINDOWS\*.tmp files]
[2009/09/26 18:48:27 | 00,514,560 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\David Billo\Desktop\OTL.exe
[2009/09/26 12:31:49 | 00,168,448 | ---- | M] () -- F:\Documents and Settings\David Billo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 08:53:35 | 00,013,646 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2009/09/26 08:50:31 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2009/09/26 08:50:29 | 00,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2009/09/23 14:15:35 | 00,000,000 | ---- | M] () -- F:\WINDOWS\nsreg.dat
[2009/09/22 09:21:46 | 00,182,656 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\drivers\ndis.sys
[2009/09/22 09:21:45 | 00,182,656 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ndis.sys
[2009/09/19 11:48:54 | 00,000,116 | ---- | M] () -- F:\WINDOWS\NeroDigital.ini
[2009/09/17 10:03:22 | 00,419,744 | ---- | M] () -- F:\Documents and Settings\David Billo\Desktop\20081231_Questions.pdf
[2009/09/13 20:36:47 | 00,002,108 | ---- | M] () -- F:\WINDOWS\DCADWin.Ini
[2009/09/13 19:58:56 | 00,000,835 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\No FS.lnk
[2009/09/13 19:58:56 | 00,000,823 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\FS mods.lnk
[2009/09/11 18:41:20 | 00,000,048 | ---- | M] () -- F:\WINDOWS\wpd99.drv
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2009/09/01 11:23:15 | 00,001,787 | ---- | M] () -- F:\WINDOWS\tabled32.ini
[2009/09/01 11:21:32 | 00,000,142 | ---- | M] () -- F:\WINDOWS\temp.rcl
[2009/08/30 23:28:21 | 02,107,242 | -H-- | M] () -- F:\Documents and Settings\David Billo\Local Settings\Application Data\IconCache.db
[2009/08/30 18:14:07 | 00,004,668 | ---- | M] () -- F:\WINDOWS\System32\SaiC0762-6553A72A-2DD4-44DB-8706-E9E82C888159.pr0
[2009/08/28 21:13:54 | 00,035,256 | ---- | M] () -- F:\Documents and Settings\David Billo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/28 18:01:06 | 00,165,120 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\MRT.exe
[2009/08/28 12:22:30 | 00,001,783 | ---- | M] () -- F:\Documents and Settings\David Billo\Desktop\Amazing Slow Downer.lnk
[2009/08/28 11:26:42 | 00,024,820 | ---- | M] (MusicMatch, Inc.) -- F:\WINDOWS\System32\drivers\MxlW2k.sys
< End of report >


OTL Extras logfile created on: 26/09/2009 6:49:10 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = F:\Documents and Settings\David Billo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.66% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.70% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 39.06 Gb Total Space | 26.25 Gb Free Space | 67.21% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 24.42 Gb Free Space | 16.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 147.24 Gb Total Space | 20.39 Gb Free Space | 13.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 74.50 Gb Total Space | 66.51 Gb Free Space | 89.27% Space Free | Partition Type: NTFS
Drive Y: | 9.52 Gb Total Space | 6.17 Gb Free Space | 64.77% Space Free | Partition Type: NTFS
Drive Z: | 6.04 Gb Total Space | 4.02 Gb Free Space | 66.64% Space Free | Partition Type: NTFS

Computer Name: CHENMING
Current User Name: David Billo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- F:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- F:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "F:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "F:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "F:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe" = F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"F:\Program Files\Windows Live\Messenger\msnmsgr.exe" = F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"F:\Program Files\Messenger\msmsgs.exe" = F:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe" = F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"F:\Program Files\Windows Live\Messenger\msnmsgr.exe" = F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EB9A67-6A21-4390-A9C8-6165EEE1921A}" = Saitek DirectOutput 5.7.0.24
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{50956224-4E46-4B5D-AC55-62C03DD47EED}" = FS MODS
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7363206E-C7BD-45CD-89A0-792B28409811}_is1" = MB-Ruler
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{967FB80D-56BD-42EF-A942-9E8C78F984A4}" = Saitek SST Programming Software
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2A227E0-8DEC-11D2-A564-B2890D000000}" = 5D PDF Creator
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE6E6BF7-6A81-4EC2-AD29-4580025149F1}" = TrackIR4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FC18317E-BB91-4502-8909-E5AB70BC1033}" = Nero 7 Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"Antarctica Scenery 01.04" = Antarctica Scenery 01.04
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Bombsight Table 2" = Bombsight Table 2
"CCleaner" = CCleaner (remove only)
"Condor: The Competition Soaring Simulator" = Condor: The Competition Soaring Simulator 1.1.2
"DataCAD® for Windows®" = DataCAD® for Windows®
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"EasternAlps Scenery" = EasternAlps Scenery 2.0
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps
"Hardlock Device Driver" = Hardlock Device Driver
"HASP HL Device Driver" = HASP HL Device Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hyper Lobby Pro Client version 3.9.111" = Hyper Lobby Pro Client version 3.9.111
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IGC GE Flight_is1" = IGC Flight Replay 0.6
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Paint Shop Pro 4.12" = Paint Shop Pro 4.12
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"RealVNC_is1" = VNC Personal Edition P4.2.7
"Scenery Hungary v1.0 for Condor Soaring Simulator" = Scenery Hungary v1.0 for Condor Soaring Simulator
"SeeYou_is1" = SeeYou Version 3.9
"ShowCondorIGC" = ShowCondorIGC
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works" = Microsoft Works 4.5
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-329068152-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Alsace scenery" = Alsace scenery
"Corse scenery" = Corse scenery
"Grenoble scenery" = Grenoble scenery
"Pyrénées scenery" = Pyrénées scenery
"Scène Massif Central version 1.0" = Scène Massif Central version 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/08/2009 4:16:19 PM | Computer Name = CHENMING | Source = Application Error | ID = 1000
Description = Faulting application profileru.exe, version 6.0.10.7, faulting module
profileru.exe, version 6.0.10.7, fault address 0x000054cf.

Error - 03/08/2009 7:47:31 AM | Computer Name = CHENMING | Source = Application Error | ID = 1000
Description = Faulting application profileru.exe, version 6.0.10.7, faulting module
profileru.exe, version 6.0.10.7, fault address 0x000054cf.

Error - 04/08/2009 5:32:09 AM | Computer Name = CHENMING | Source = Application Error | ID = 1000
Description = Faulting application profileru.exe, version 6.0.10.7, faulting module
profileru.exe, version 6.0.10.7, fault address 0x000054cf.

Error - 04/08/2009 2:18:49 PM | Computer Name = CHENMING | Source = Application Error | ID = 1000
Description = Faulting application videoconvertersetup.exe, version 15.0.0.498,
faulting module videoconvertersetup.exe, version 15.0.0.498, fault address 0x000319cc.

Error - 05/08/2009 8:09:39 AM | Computer Name = CHENMING | Source = Application Error | ID = 1000
Description = Faulting application profileru.exe, version 6.0.10.7, faulting module
profileru.exe, version 6.0.10.7, fault address 0x000054cf.

Error - 06/08/2009 3:42:20 AM | Computer Name = CHENMING | Source = Application Error | ID = 1000
Description = Faulting application profileru.exe, version 6.0.10.7, faulting module
profileru.exe, version 6.0.10.7, fault address 0x000054cf.

Error - 08/08/2009 5:18:35 AM | Computer Name = CHENMING | Source = Application Error | ID = 1000
Description = Faulting application profileru.exe, version 6.0.10.7, faulting module
profileru.exe, version 6.0.10.7, fault address 0x000054cf.

Error - 16/08/2009 10:57:49 AM | Computer Name = CHENMING | Source = Application Error | ID = 1000
Description = Faulting application profileru.exe, version 6.0.10.7, faulting module
profileru.exe, version 6.0.10.7, fault address 0x000054cf.

Error - 17/08/2009 6:55:48 PM | Computer Name = CHENMING | Source = Application Error | ID = 1000
Description = Faulting application profileru.exe, version 6.0.10.7, faulting module
profileru.exe, version 6.0.10.7, fault address 0x000054cf.

Error - 20/08/2009 6:15:50 PM | Computer Name = CHENMING | Source = Application Error | ID = 1000
Description = Faulting application profileru.exe, version 6.0.10.7, faulting module
profileru.exe, version 6.0.10.7, fault address 0x000054cf.

[ System Events ]
Error - 24/09/2009 6:44:20 PM | Computer Name = CHENMING | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Kingston DataTraveler
2.0 USB Device.

Error - 24/09/2009 6:44:20 PM | Computer Name = CHENMING | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Kingston DataTraveler
2.0 USB Device.

Error - 24/09/2009 7:24:48 PM | Computer Name = CHENMING | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Kingston DataTraveler
2.0 USB Device.

Error - 24/09/2009 7:24:48 PM | Computer Name = CHENMING | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Kingston DataTraveler
2.0 USB Device.

Error - 24/09/2009 7:40:49 PM | Computer Name = CHENMING | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Kingston DataTraveler
2.0 USB Device.

Error - 24/09/2009 7:40:49 PM | Computer Name = CHENMING | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Kingston DataTraveler
2.0 USB Device.

Error - 24/09/2009 7:45:56 PM | Computer Name = CHENMING | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Kingston DataTraveler
2.0 USB Device.

Error - 24/09/2009 7:45:57 PM | Computer Name = CHENMING | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Kingston DataTraveler
2.0 USB Device.

Error - 25/09/2009 8:47:18 PM | Computer Name = CHENMING | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Kingston DataTraveler
2.0 USB Device.

Error - 25/09/2009 8:47:18 PM | Computer Name = CHENMING | Source = Removable Storage Service | ID = 262162
Description = RSM cannot manage library PhysicalDrive2. The initial inventory of
the library failed.


< End of report >



#2 David Billo

David Billo
  • Topic Starter

  • Members
  • 37 posts
  • Local time:03:46 AM

Posted 10 October 2009 - 09:56 AM

Never mind....I'm reformatting...

Thanks all the same!

#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:46 AM

Posted 14 October 2009 - 11:21 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 David Billo

David Billo
  • Topic Starter

  • Members
  • 37 posts
  • Local time:03:46 AM

Posted 15 October 2009 - 12:33 AM

No need to apologize...I know you guys are swamped.

Over the weekend, I deleted and recreated the disk partition, reformatted, and reinstalled Windows and everything else I needed. Everything is fine now. Thanks all the same!

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:46 AM

Posted 18 October 2009 - 05:48 AM

Thanks for letting us know. :(

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?



