Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP slow boot


  • Please log in to reply
11 replies to this topic

#1 sumomanu

sumomanu

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 25 October 2009 - 03:06 PM

My notebooks boot the Windows XP in 3-4 minutes. This happened after I connected the computers to the local internet network. I post here the log, maybe somebody can give me an advice. Thank you.
P.S. I found on forums that is something like the system is looking for an IP address.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:49, on 25/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\livePCsupport\ELPS.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=13170&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Hewlett-Packard\HP

Quick Launch Buttons\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Hewlett-Packard\HP

Quick Launch Buttons\Blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - Disabled:{3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program

Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot

Shield\hssie\HssIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program

Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO livePCsupport] C:\Program Files\COMODO\livePCsupport\ELPS.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet

Security\cfp.exe" -h
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1868606317-1222124796-1857937245-500\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background (User 'Administrator')
O4 - HKUS\S-1-5-21-1868606317-1222124796-1857937245-500\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -

C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O14 - IERESET.INF:

START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=la

ptop
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -

http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -

https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/windowsupd...ab?123143855542

1
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -

https://wimpro.cce.hp.com/ChatEntry/downloads/msxml4.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program

Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir

Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program

Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program

Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir

Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program

Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program

Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program

Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program

Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot

Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program

Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Returnil Virtual System Core Service (RVSMONBL) - Unknown owner -

C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH -

C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8963 bytes

Edited by sumomanu, 25 October 2009 - 03:14 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:22 AM

Posted 01 November 2009 - 03:50 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:22 AM

Posted 08 November 2009 - 11:19 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:22 AM

Posted 09 November 2009 - 04:12 PM

Topic reopened.

Please post your logs.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 sumomanu

sumomanu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 10 November 2009 - 01:01 PM

These are the logs :

OTL logfile created on: 09/11/2009 20:34:03 - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\ROMEO\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,31% Memory free
3,84 Gb Paging File | 3,13 Gb Available in Paging File | 81,37% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 5,13 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
Drive D: | 21,97 Gb Total Space | 1,89 Gb Free Space | 8,59% Space Free | Partition Type: NTFS
Drive E: | 11,02 Gb Total Space | 1,63 Gb Free Space | 14,76% Space Free | Partition Type: NTFS
Drive F: | 36,62 Gb Total Space | 2,16 Gb Free Space | 5,90% Space Free | Partition Type: NTFS
Drive G: | 4,92 Gb Total Space | 0,22 Gb Free Space | 4,47% Space Free | Partition Type: NTFS
Drive H: | 11,67 Gb Total Space | 1,34 Gb Free Space | 11,49% Space Free | Partition Type: FAT32
Drive I: | 32,54 Gb Total Space | 6,01 Gb Free Space | 18,46% Space Free | Partition Type: NTFS

Computer Name: ROMI
Current User Name: ROMEO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/09 20:29:44 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ROMEO\Desktop\OTL.exe
PRC - [2009/11/09 20:19:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/09 20:19:55 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/11/04 21:26:11 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/11/04 21:25:58 | 00,434,945 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2009/11/04 21:25:56 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/11/04 21:25:56 | 00,194,817 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2009/11/04 21:25:56 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/11/04 21:25:55 | 00,388,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2009/10/29 20:02:37 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/24 20:37:43 | 01,799,952 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/10/24 20:37:14 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/10/15 03:28:40 | 05,238,258 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2009/10/02 01:49:18 | 00,206,384 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009/10/02 01:41:44 | 00,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/02/06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/11/09 22:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - 2144 -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
PRC - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
PRC - [2008/04/14 02:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 02:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
PRC - [2008/04/14 02:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
PRC - [2008/04/14 02:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/28 00:28:00 | 01,040,384 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/02/07 03:21:06 | 00,872,894 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
PRC - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2006/09/27 16:10:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/05/02 15:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2005/08/06 06:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005/08/06 06:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe


========== Modules (SafeList) ==========

MOD - [2009/11/09 20:29:44 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ROMEO\Desktop\OTL.exe
MOD - [2009/10/24 20:39:11 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008/04/14 02:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 02:12:05 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll
MOD - [2008/04/14 02:11:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/14 02:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/14 02:11:48 | 01,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (RVSMONBL)
SRV - File not found -- -- (gupdate1c9946aacdba4e)
SRV - File not found -- -- (AcrSch2Svc)
SRV - [2009/11/09 20:19:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/04 21:26:11 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/04 21:25:58 | 00,434,945 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2009/11/04 21:25:56 | 00,194,817 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2009/11/04 21:25:56 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/11/04 21:25:55 | 00,388,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2009/10/24 20:37:14 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/10/02 01:49:36 | 00,057,640 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009/10/02 01:49:18 | 00,206,384 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009/10/02 01:41:44 | 00,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/04/10 22:53:59 | 00,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/11/09 22:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/05/29 08:28:54 | 00,028,416 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/04/14 02:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2008/04/14 02:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/09/27 16:10:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/06/12 13:27:28 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/02 15:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/08/06 06:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/06 06:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2005/04/04 09:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/03/09 20:31:02 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/11/04 21:26:31 | 00,097,608 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)
DRV - [2009/11/04 21:26:31 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/11/04 21:26:31 | 00,069,632 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)
DRV - [2009/11/04 21:26:31 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/04 21:26:31 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/11/04 21:25:55 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/10/24 20:39:06 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2009/10/24 20:39:01 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/10/24 20:38:57 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009/10/02 01:41:44 | 00,032,768 | ---- | M] (AnchorFree Inc) -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/01/07 23:39:36 | 00,020,744 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009/01/04 23:28:21 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/12/11 22:57:52 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/12/07 12:44:54 | 00,030,088 | ---- | M] () -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2008/12/05 06:58:48 | 00,241,296 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express)
DRV - [2008/11/17 14:23:16 | 03,636,864 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/07/02 14:58:48 | 00,026,248 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008/05/08 16:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/28 19:22:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/13 20:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/13 20:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 20:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 19:45:36 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\IrBus.sys -- (IrBus)
DRV - [2008/04/13 18:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/28 00:14:00 | 00,224,672 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/01 07:26:36 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 07:25:32 | 00,211,456 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 07:25:22 | 00,731,520 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/09/27 16:10:00 | 03,694,656 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/08/24 13:42:40 | 01,555,328 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\yuanusbwdm.sys -- (iComp)
DRV - [2006/07/26 21:44:42 | 00,581,632 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/07/06 09:28:58 | 00,047,744 | ---- | M] () -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2006/06/19 04:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/05/12 22:05:02 | 00,057,320 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/21 19:06:24 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/03/16 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/03/16 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2005/12/22 19:02:22 | 00,051,840 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 22:28:32 | 00,028,928 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 20:08:00 | 00,308,992 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/13 11:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 14:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 14:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 08:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/05/28 17:53:46 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/03/09 20:31:02 | 00,021,456 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 20:31:02 | 00,016,080 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 20:31:00 | 00,051,024 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2002/09/16 16:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/08/18 07:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 07:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 07:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 07:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 07:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 06:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 06:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 06:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 06:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 06:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 06:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 06:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 06:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 06:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 06:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 42 17 18 A3 60 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com?o=13170&l=dis"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.http: "localhost "
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/28 00:31:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/01 23:46:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/12 22:30:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/30 22:23:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/09 20:02:21 | 00,000,000 | ---D | M]

[2009/05/13 21:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMEO\Application Data\Mozilla\Extensions
[2008/10/20 11:07:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMEO\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/13 21:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMEO\Application Data\Mozilla\Extensions\MediaCoder
[2009/11/09 20:06:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMEO\Application Data\Mozilla\Firefox\Profiles\fh57yr6b.default\extensions
[2009/08/02 00:26:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMEO\Application Data\Mozilla\Firefox\Profiles\fh57yr6b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/16 15:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMEO\Application Data\Mozilla\Firefox\Profiles\fh57yr6b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/08/16 12:18:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMEO\Application Data\Mozilla\Firefox\Profiles\fh57yr6b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/30 00:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMEO\Application Data\Mozilla\Firefox\Profiles\fh57yr6b.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(2)
[2009/11/08 22:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMEO\Application Data\Mozilla\Firefox\Profiles\fh57yr6b.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/11/03 19:43:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMEO\Application Data\Mozilla\Firefox\Profiles\fh57yr6b.default\extensions\foxmarks@kei.com
[2009/10/24 13:45:27 | 00,002,255 | ---- | M] () -- C:\Documents and Settings\ROMEO\Application Data\Mozilla\Firefox\Profiles\fh57yr6b.default\searchplugins\askcom.xml
[2009/11/09 20:20:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/29 20:02:47 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/12 22:31:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/11/09 20:20:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/10/29 20:02:26 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 20:02:27 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/01/27 03:34:38 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/01/16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/11/09 20:19:56 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/01/27 03:34:16 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/10/29 20:02:39 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003/07/14 21:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/10/28 00:31:55 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/10/28 00:32:02 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/10/28 00:31:52 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/10/29 20:02:39 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/29 20:02:39 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/29 20:02:39 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/29 20:02:39 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/29 20:02:39 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipediaro.xml
[2009/10/29 20:02:39 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (350653 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12022 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab (DLM Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} Reg Error: Value error. (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1231438555421 (WUWebControl Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} https://wimpro.cce.hp.com/ChatEntry/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.154.124.1 193.231.252.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 22:01:14 | 00,000,053 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/03/20 17:42:25 | 00,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5726ef8e-5be6-11de-b161-0016369e7221}\Shell\AutoRun\command - "" = 2a.exe
O33 - MountPoints2\{5726ef8e-5be6-11de-b161-0016369e7221}\Shell\open\Command - "" = 2a.exe
O33 - MountPoints2\{b5246908-05cf-11de-b077-0016369e7221}\Shell - "" = AutoRun
O33 - MountPoints2\{b5246908-05cf-11de-b077-0016369e7221}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 90 Days ==========

[2009/11/09 20:29:44 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ROMEO\Desktop\OTL.exe
[2009/11/09 20:20:10 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/09 20:20:10 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/09 20:20:10 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/09 20:18:54 | 00,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\ROMEO\Desktop\jre-6u17-windows-i586-iftw-rv.exe
[2009/11/08 22:00:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ROMEO\Application Data\Tor
[2009/11/08 22:00:06 | 00,000,000 | ---D | C] -- C:\Program Files\Vidalia Bundle
[2009/11/08 22:00:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ROMEO\Application Data\Vidalia
[2009/11/08 20:54:09 | 00,000,000 | ---D | C] -- C:\Hotspot Shield
[2009/11/08 20:53:39 | 00,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2009/11/04 21:48:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ROMEO\Application Data\Avira
[2009/11/04 21:28:12 | 00,097,608 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys
[2009/11/04 21:28:12 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/11/04 21:28:12 | 00,069,632 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwim.sys
[2009/11/04 21:28:12 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/11/04 21:28:12 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/11/04 21:28:11 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/11/04 21:28:06 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/11/04 20:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ROMEO\Application Data\Yahoo!
[2009/11/04 20:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/11/04 19:32:28 | 00,793,200 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\ROMEO\Desktop\Norton_Removal_Tool.exe
[2009/11/03 16:57:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/11/03 16:57:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1100000.088
[2009/11/03 16:57:45 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/10/30 21:47:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ROMEO\Desktop\sss-final
[2009/10/30 00:51:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ROMEO\Desktop\Kaspersky.Security.Suite.CBE.7.0.135.GERMAN LICENTA 3 LUNI
[2009/10/25 09:52:46 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/25 09:52:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/24 14:09:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2009/10/24 14:08:58 | 00,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/10/24 14:08:57 | 00,132,296 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/10/24 14:08:57 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/10/24 14:08:57 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/10/24 14:08:52 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/10/23 23:26:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ROMEO\Desktop\XnView-win PROCESARE POZE (MICSORARE)
[2009/10/23 21:37:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ROMEO\Desktop\RIP DVD
[2009/10/23 21:08:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ROMEO\My Documents\The KMPlayer
[2009/10/23 21:05:27 | 00,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2009/10/18 20:47:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Returnil
[2009/10/18 17:41:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ROMEO\Application Data\Returnil
[2009/10/18 17:40:02 | 00,000,000 | -H-D | C] -- C:\Returnil
[2009/10/18 17:39:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Returnil
[2009/10/16 21:58:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ROMEO\Desktop\HANNAH MONTANA
[2009/10/16 16:33:32 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys
[2009/10/16 16:02:05 | 00,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2009/10/02 01:41:44 | 00,037,376 | ---- | C] (AnchorFree Inc.) -- C:\WINDOWS\System32\drivers\HssDrv.sys
[2009/10/02 01:41:44 | 00,032,768 | ---- | C] (AnchorFree Inc) -- C:\WINDOWS\System32\drivers\taphss.sys
[2009/09/21 19:22:31 | 00,000,000 | ---D | C] -- C:\Program Files\WinLoadFast
[2009/09/15 22:12:48 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX
[2009/09/15 22:12:48 | 00,124,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/09/15 22:12:47 | 00,372,736 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\IJL_11.DLL
[2009/09/15 21:00:51 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ROMEO\PrivacIE
[2009/09/09 21:36:09 | 00,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2009/09/09 21:36:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ROMEO\Application Data\Software Informer
[2009/08/31 16:39:53 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009/08/30 12:14:31 | 00,000,000 | ---D | C] -- C:\Program Files\Perfect Utilities
[2009/08/16 12:23:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RFA_Backups
[2009/08/16 12:23:22 | 00,000,000 | ---D | C] -- C:\Program Files\RFA
[2009/01/04 23:28:21 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\ROMEO\Application Data\pcouffin.sys
[2008/10/20 06:49:15 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnp2uvc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2009/11/09 20:29:44 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ROMEO\Desktop\OTL.exe
[2009/11/09 20:19:54 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/09 20:19:54 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/09 20:19:54 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/09 20:19:54 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/09 20:19:53 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/09 20:18:55 | 00,714,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\ROMEO\Desktop\jre-6u17-windows-i586-iftw-rv.exe
[2009/11/09 20:14:22 | 02,631,377 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\sophos-a-to-z-computer-and-data-security-threats.pdf
[2009/11/09 20:08:48 | 00,535,832 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/09 20:08:48 | 00,452,178 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/09 20:08:48 | 00,074,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/09 20:02:19 | 00,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/09 20:02:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/09 20:02:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/09 00:44:35 | 13,070,336 | ---- | M] () -- C:\Documents and Settings\ROMEO\ntuser.dat
[2009/11/09 00:44:35 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\ROMEO\ntuser.ini
[2009/11/09 00:01:00 | 00,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/11/08 21:59:07 | 09,997,721 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\vidalia-bundle-0.2.1.20-0.2.5.exe
[2009/11/08 20:53:53 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hotspot Shield Launch.lnk
[2009/11/08 20:28:44 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/05 20:05:58 | 00,365,847 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\contract casa de pensii .pdf
[2009/11/05 19:57:16 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/04 22:43:55 | 00,350,653 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/04 21:28:36 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/11/04 21:26:31 | 00,097,608 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys
[2009/11/04 21:26:31 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/11/04 21:26:31 | 00,069,632 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwim.sys
[2009/11/04 21:26:31 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/11/04 21:26:31 | 00,045,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/11/04 21:26:31 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/11/04 21:26:31 | 00,022,360 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/11/04 21:26:22 | 00,000,512 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\HBEDV.KEY
[2009/11/04 21:24:49 | 00,758,936 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\avira_premium_security_suite.exe
[2009/11/04 20:25:17 | 00,000,251 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2009/11/04 20:10:28 | 00,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/11/04 19:32:31 | 00,793,200 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\ROMEO\Desktop\Norton_Removal_Tool.exe
[2009/11/03 17:50:44 | 00,588,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Cat.DB
[2009/10/30 00:17:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\cd.dat
[2009/10/29 21:16:52 | 00,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2009/10/25 22:01:01 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\HijackThis.lnk
[2009/10/25 20:52:35 | 00,000,935 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\Spybot - Search & Destroy.lnk
[2009/10/25 16:27:56 | 00,003,847 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\M__voiceroot_848353_848353_2009-09-01_2571426_57.pdf
[2009/10/25 14:29:22 | 00,347,151 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091104-224348.backup
[2009/10/25 09:42:30 | 00,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/10/24 20:39:11 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/10/24 20:39:06 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/10/24 20:39:01 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/10/24 20:38:57 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/10/24 15:48:38 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/10/24 14:11:45 | 00,001,696 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\COMODO livePCsupport.lnk
[2009/10/23 23:32:04 | 05,132,984 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\HSS-1.31-install-anchorfree-76-conduit.exe
[2009/10/23 22:42:05 | 00,269,373 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\ringtone(4).mp3
[2009/10/23 22:36:37 | 01,048,240 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\ringtone(3).mp3
[2009/10/23 22:07:45 | 00,455,574 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\ringtone(2).mp3
[2009/10/23 21:56:31 | 00,579,396 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\ringtone.mp3
[2009/10/23 21:08:29 | 00,000,652 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\KMPlayer.lnk
[2009/10/16 21:19:51 | 00,119,296 | ---- | M] () -- C:\Documents and Settings\ROMEO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/16 16:02:05 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MozBackup.lnk
[2009/10/02 01:41:44 | 00,037,376 | ---- | M] (AnchorFree Inc.) -- C:\WINDOWS\System32\drivers\HssDrv.sys
[2009/10/02 01:41:44 | 00,032,768 | ---- | M] (AnchorFree Inc) -- C:\WINDOWS\System32\drivers\taphss.sys
[2009/09/21 19:33:46 | 00,000,050 | R--- | M] () -- C:\WINDOWS\amunres.lsl
[2009/09/20 21:40:55 | 03,523,538 | -H-- | M] () -- C:\Documents and Settings\ROMEO\Local Settings\Application Data\IconCache.db
[2009/09/20 20:19:39 | 00,000,048 | ---- | M] () -- C:\WINDOWS\System32\_1PUTILS.dat
[2009/09/19 19:42:55 | 00,000,794 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\Shortcut to Alfabet.exe.lnk
[2009/09/10 13:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 13:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/31 16:40:30 | 00,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio 9.lnk
[2009/08/30 12:14:41 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\ROMEO\Desktop\Perfect Utilities.lnk
[2009/08/16 12:23:24 | 00,000,636 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry First Aid.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/09 20:14:21 | 02,631,377 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\sophos-a-to-z-computer-and-data-security-threats.pdf
[2009/11/08 21:58:56 | 09,997,721 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\vidalia-bundle-0.2.1.20-0.2.5.exe
[2009/11/08 20:53:53 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hotspot Shield Launch.lnk
[2009/11/05 20:05:58 | 00,365,847 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\contract casa de pensii .pdf
[2009/11/04 21:28:36 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/11/04 21:26:22 | 00,000,512 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\HBEDV.KEY
[2009/11/04 21:24:48 | 00,758,936 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\avira_premium_security_suite.exe
[2009/11/04 20:10:28 | 00,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/11/03 19:52:12 | 00,000,251 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/11/03 16:58:31 | 00,588,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Cat.DB
[2009/10/30 00:17:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2009/10/29 20:23:38 | 13,070,336 | ---- | C] () -- C:\Documents and Settings\ROMEO\ntuser.dat
[2009/10/25 22:01:01 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\HijackThis.lnk
[2009/10/25 20:52:35 | 00,000,935 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\Spybot - Search & Destroy.lnk
[2009/10/25 16:27:56 | 00,003,847 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\M__voiceroot_848353_848353_2009-09-01_2571426_57.pdf
[2009/10/24 15:48:38 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/10/24 14:11:45 | 00,001,696 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\COMODO livePCsupport.lnk
[2009/10/23 23:31:50 | 05,132,984 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\HSS-1.31-install-anchorfree-76-conduit.exe
[2009/10/23 22:42:05 | 00,269,373 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\ringtone(4).mp3
[2009/10/23 22:36:37 | 01,048,240 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\ringtone(3).mp3
[2009/10/23 22:07:45 | 00,455,574 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\ringtone(2).mp3
[2009/10/23 21:56:31 | 00,579,396 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\ringtone.mp3
[2009/10/23 21:06:19 | 00,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/10/23 21:05:38 | 00,000,652 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\KMPlayer.lnk
[2009/10/16 16:02:05 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MozBackup.lnk
[2009/09/21 19:33:46 | 00,000,050 | R--- | C] () -- C:\WINDOWS\amunres.lsl
[2009/09/19 19:42:55 | 00,000,794 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\Shortcut to Alfabet.exe.lnk
[2009/08/31 16:40:30 | 00,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo Burning Studio 9.lnk
[2009/08/30 12:14:51 | 00,000,048 | ---- | C] () -- C:\WINDOWS\System32\_1PUTILS.dat
[2009/08/30 12:14:41 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\ROMEO\Desktop\Perfect Utilities.lnk
[2009/08/16 12:23:24 | 00,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry First Aid.lnk
[2009/04/16 05:34:33 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\msmicword.dll
[2009/03/17 23:16:42 | 00,000,153 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2009/02/25 00:38:16 | 03,523,538 | -H-- | C] () -- C:\Documents and Settings\ROMEO\Local Settings\Application Data\IconCache.db
[2009/01/26 00:36:22 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/01/26 00:36:22 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009/01/18 00:03:03 | 00,000,029 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/01/04 23:28:42 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\ROMEO\Application Data\pcouffin.log
[2009/01/04 23:28:21 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\ROMEO\Application Data\inst.exe
[2009/01/04 23:28:21 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\ROMEO\Application Data\pcouffin.cat
[2009/01/04 23:28:21 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\ROMEO\Application Data\pcouffin.inf
[2009/01/04 01:26:07 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/04 01:26:07 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/02 18:46:46 | 00,000,777 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/12/11 23:24:19 | 00,000,016 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/12/11 22:57:52 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/12/07 12:44:54 | 00,030,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2008/11/06 22:15:48 | 00,012,987 | ---- | C] () -- C:\Program Files\05.11.2008
[2008/10/20 18:30:22 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/20 06:49:47 | 00,119,296 | ---- | C] () -- C:\Documents and Settings\ROMEO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/20 06:44:44 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\ROMEO\Application Data\desktop.ini
[2008/10/20 06:44:43 | 00,051,192 | ---- | C] () -- C:\Documents and Settings\ROMEO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/20 06:44:43 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\ROMEO\Local Settings\Application Data\fusioncache.dat
[2008/10/20 06:44:43 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\ROMEO\Local Settings\Application Data\DSwitch.txt
[2008/10/20 06:44:43 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\ROMEO\Local Settings\Application Data\AtStart.txt
[2008/10/20 06:44:42 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\ROMEO\Local Settings\Application Data\QSwitch.txt
[2008/10/04 22:34:45 | 00,009,851 | ---- | C] () -- C:\WINDOWS\System32\mswincore.dll
[2006/09/17 18:13:22 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/17 18:09:09 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/17 17:54:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/17 17:42:07 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/20 07:58:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/20 07:58:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/20 07:58:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/20 07:58:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/20 07:58:00 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/06 12:28:58 | 00,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2006/06/29 21:18:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 20:49:18 | 00,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 20:46:56 | 00,000,421 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 20:43:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 20:13:22 | 00,000,729 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/29 13:00:42 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/06/29 13:00:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/04 09:07:34 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/06 20:06:32 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2005/03/02 13:12:14 | 00,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/09/16 22:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/06/13 20:45:17 | 00,066,048 | ---- | C] () -- C:\WINDOWS\launch_inalf.dll
[2003/03/09 20:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 21:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\svchost.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\rundll32.exe:SummaryInformation
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8927A071
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >


OTL Extras logfile created on: 09/11/2009 20:34:03 - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\ROMEO\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,31% Memory free
3,84 Gb Paging File | 3,13 Gb Available in Paging File | 81,37% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 5,13 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
Drive D: | 21,97 Gb Total Space | 1,89 Gb Free Space | 8,59% Space Free | Partition Type: NTFS
Drive E: | 11,02 Gb Total Space | 1,63 Gb Free Space | 14,76% Space Free | Partition Type: NTFS
Drive F: | 36,62 Gb Total Space | 2,16 Gb Free Space | 5,90% Space Free | Partition Type: NTFS
Drive G: | 4,92 Gb Total Space | 0,22 Gb Free Space | 4,47% Space Free | Partition Type: NTFS
Drive H: | 11,67 Gb Total Space | 1,34 Gb Free Space | 11,49% Space Free | Partition Type: FAT32
Drive I: | 32,54 Gb Total Space | 6,01 Gb Free Space | 18,46% Space Free | Partition Type: NTFS

Computer Name: ROMI
Current User Name: ROMEO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"J:\DOWN\BlueSoleil 6.4.237.0+crack\Crack\BlueSoleilCS.exe" = J:\DOWN\BlueSoleil 6.4.237.0+crack\Crack\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- File not found
"J:\DOWN\Crack\BlueSoleilCS.exe" = J:\DOWN\Crack\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- File not found
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00300409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Proofing Tools Disc 1
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{285A7CB9-4658-4F6E-8D5D-D53F4C49C519}" = Dictionar Francez
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Pavilion Webcam
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{93FB47FB-4FDF-4131-B5FD-7A37883868E7}" = hp psc 2170 series
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACC9F63-CF54-46D7-9140-D40E57563AAF}_is1" = COMODO livePCsupport 1.0.65302.27
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1048-7B44-A90000000001}" = Adobe Reader 9 - Romanian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4180B60-0239-48DE-89EF-2CE4C3650A71}" = HP User Guides 0036
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB9E4EAB-2717-499F-8D56-4CC8A644AB60}" = MPlayer for Windows (Full Package)
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.10
"Avira AntiVir Desktop" = Avira Premium Security Suite
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VENICE_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"COMODO Internet Security" = COMODO Internet Security
"Crystal Player" = Crystal Player Professional 1.85
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 1.31
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP PSC 2170 Series" = HP Photo and Imaging 2.0 - hp psc 2170 series
"hp psc 2170 series_Driver" = hp psc 2170 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MV2Player" = MV2Player (remove only)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Perfect Utilities" = Perfect Utilities 3.01
"Polipo" = Polipo 1.0.4
"PrintCase 2008 ver 3.0.15" = PrintCase 2008 ver 3.0.15
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Registry First Aid_is1" = Registry First Aid
"Revo Uninstaller" = Revo Uninstaller 1.83
"Software Informer_is1" = Software Informer 1.0 BETA
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Tor" = Tor 0.2.1.20
"Vidalia" = Vidalia 0.2.5
"ViPlay" = URUSoft ViPlay
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/10/2009 13:40:55 | Computer Name = ROMI | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 29/10/2009 13:56:30 | Computer Name = ROMI | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 29/10/2009 17:38:08 | Computer Name = ROMI | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 29/10/2009 17:48:58 | Computer Name = ROMI | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 29/10/2009 17:57:56 | Computer Name = ROMI | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 29/10/2009 18:17:36 | Computer Name = ROMI | Source = Avira AntiVir | ID = 4110
Description = An unknown error occurred during init of the engine! Returned error
code: 0x35

Error - 30/10/2009 15:04:05 | Computer Name = ROMI | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 30/10/2009 15:04:12 | Computer Name = ROMI | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 30/10/2009 15:04:14 | Computer Name = ROMI | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 09/11/2009 14:02:29 | Computer Name = ROMI | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 04/11/2009 14:06:10 | Computer Name = ROMI | Source = Service Control Manager | ID = 7000
Description = The Returnil Virtual System Core Service service failed to start due
to the following error: %%2

Error - 04/11/2009 14:06:12 | Computer Name = ROMI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
xlkfs

Error - 04/11/2009 15:37:53 | Computer Name = ROMI | Source = Service Control Manager | ID = 7000
Description = The Returnil Virtual System Core Service service failed to start due
to the following error: %%2

Error - 04/11/2009 15:38:21 | Computer Name = ROMI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
xlkfs

Error - 05/11/2009 11:53:04 | Computer Name = ROMI | Source = Service Control Manager | ID = 7000
Description = The Returnil Virtual System Core Service service failed to start due
to the following error: %%2

Error - 05/11/2009 11:53:08 | Computer Name = ROMI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
xlkfs

Error - 08/11/2009 14:31:24 | Computer Name = ROMI | Source = Service Control Manager | ID = 7000
Description = The Returnil Virtual System Core Service service failed to start due
to the following error: %%2

Error - 08/11/2009 14:31:25 | Computer Name = ROMI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
xlkfs

Error - 09/11/2009 14:04:53 | Computer Name = ROMI | Source = Service Control Manager | ID = 7000
Description = The Returnil Virtual System Core Service service failed to start due
to the following error: %%2

Error - 09/11/2009 14:04:54 | Computer Name = ROMI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
xlkfs


< End of report >


Any suggestions ?

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:22 AM

Posted 10 November 2009 - 01:52 PM

Hi,

Your log(s) indicate that you are using so called peer-to-peer or file-sharing programmes. These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

BlueSoleil 6.4.237.0+crack


The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

http://www.trendmicro.com/vinfo/grayware/v...=CRCK_KEYGEN.BB

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

http://blog.trendmicro.com/crack-sites-dis...rux-and-fakeav/


When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


If you still need assistance please remove all cracked software from your system. Namely the:
  • BlueSoleil
.


I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either the anti virus program from Comodo Internet Security or Avira.

Please also run a scan with the following two tools:
Malwarebytes:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

and GMER:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

I changed nick today from _temp_ to myrti. I hope that won't create to much confusion.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 sumomanu

sumomanu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 10 November 2009 - 05:58 PM

Hello
1.
I used BlueSoleil some time ago, but now, I don't have this software or crack in my computer.
Actually the log says FILE NOT FOUND :
J:\DOWN\BlueSoleil 6.4.237.0+crack\Crack\BlueSoleilCS.exe" = J:\DOWN\BlueSoleil 6.4.237.0+crack\Crack\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- File not found
"J:\DOWN\Crack\BlueSoleilCS.exe" = J:\DOWN\Crack\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- File not found
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- File not found

2.
I have only one antivirus program installed :Avira.
From Comodo Internet Security I installed only the firewall. There is no Comodo antivirus on my computer.

3.
I have Malwarebytes' Anti-Malware installed,downloaded from the original site http://www.malwarebytes.org/, updating daily and I am using it often. It seems that the computer si clean.

THis os the last log :
Malwarebytes' Anti-Malware 1.41
Database version: 3141
Windows 5.1.2600 Service Pack 3

10/11/2009 23:01:06
mbam-log-2009-11-10 (23-01-06).txt

Tipul scanarii: Scanare rapida
Obiecte scanate: 110914
Timp trecut: 6 minute(s), 31 second(s)

Procese din memorie afectate: 0
Module de memorie afectate: 0
Chei de registri infectate: 0
Valori din registri afectate: 0
Elemente din registri infectate: 0
Foldere infectate: 0
Fisiere infectate: 0

Procese din memorie afectate:
(Nici un element periculos nu a fost detectat)

Module de memorie afectate:
(Nici un element periculos nu a fost detectat)

Chei de registri infectate:
(Nici un element periculos nu a fost detectat)

Valori din registri afectate:
(Nici un element periculos nu a fost detectat)

Elemente din registri infectate:
(Nici un element periculos nu a fost detectat)

Foldere infectate:
(Nici un element periculos nu a fost detectat)

Fisiere infectate:
(Nici un element periculos nu a fost detectat)
No dangerous malware was detected.


4. gmer.log is a HUGE log (676 kb) and it is impossible to paste it here.

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:22 AM

Posted 10 November 2009 - 06:32 PM

Hi,

can you please disconnect from the internet and disable all your security software. Then close all open windows and run gmer again. If the log is still to big to be posted, please try to attach it to your reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 sumomanu

sumomanu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 12 November 2009 - 04:03 PM

I attached the first part here

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:22 AM

Posted 12 November 2009 - 05:52 PM

No you didn't. :(

If the file can't be uploaded in one part, you could also use a filehoster of your choice and post the link here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 sumomanu

sumomanu
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 14 November 2009 - 12:57 PM

I could do this from the beginning :( [post="gmer.log"]http://dl.transfer.ro/Transfer_ro-14Nov-2448eb6bb6.zip[/post]

Edited by sumomanu, 14 November 2009 - 12:58 PM.


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:22 AM

Posted 15 November 2009 - 07:32 PM

Hi,


it does not look to be a malware issue, but just to be safe I would like to ask you to run an Eset Online Scan:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
I'm going to see if I can find some tips for your problem, otherwise I will ask you to post your problem in the Windows forum, where people are more familiar with this type of issues.

Do you get the long boot only when you are connected to the network, or also when you don't connect to it? Is the boot time the same for safe and normal mode?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users