
MBAM, other scanners close in a few seconds


  • This topic is locked
164 replies to this topic

#1 Sei


Posted 28 November 2009 - 11:46 PM

Today I was surfing around when suddenly my Firefox crashed. I thought it was just a random crash so I continued on as though nothing had happened. Then I went to do a search in Google and it crashed again. This made me suspicious so I started Firefox up again and tried to redo my search. Again it crashed. I repeated this a couple more times just to confirm.

So after this I tried to run MBAM, which succeeded in opening only to close a couple of seconds later. I also tried running the GMER rootkit scanner. That would scan for a couple of seconds and crash. Also, it seems as if my WindowBlinds has been disabled (skinner for Windows XP), if that is of any relevance. I definitely think there is something wrong.

It also seems that Windows Firewall on my internet connection has been disabled, and any attempt to enable it seems useless. Because of that, I've disabled the internet connection on that computer for now.

What should I do?

I am running on Windows XP SP3.

I have an HJT log if necessary, so at least that runs fine.


Directed to post logs here. One change to the above: it seems my WindowBlinds is working again... I don't know what happened before. Here are the logs from DDS and HJT. I attempted to run RootRepeal, but it would hang on the "Initializing. Please wait" screen and then I would get a Windows error saying my virtual memory was too low a few minutes later, with everything running extremely slowly, forcing me to restart. Windows Firewall for the internet is still dead.

I seem to be running into random errors. The first few times I restarted my computer it would hang after the Windows XP screen and not even load the welcome screen in both normal and safe mode. Now I am able to log in to my account, but I get random errors like some program has encountered a problem and needs to close, and one where Explorer crashed and I was forced to restart again as the whole thing had locked up.

Anyways here are the DDS and HJT logs. Attempting to do a Cobian backup as well.



#2 syler


Posted 09 December 2009 - 12:15 PM

Hi,

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Then please post back here with the following logs:
  • OTListIt.txt
  • Extra.txt
Thanks



#3 Sei


Posted 09 December 2009 - 02:24 PM

Thanks for your reply. I realize it's quite busy here, but I'm glad you were able to respond. Your efforts are very much appreciated.

I have done nothing on that computer since the first post, so nothing has changed. MBAM still closes after a few seconds and I cannot turn my internet firewall on. I have not checked the website redirection when doing searches because I did not want to allow an infected firewall-less computer to have access to the internet, so of course the internet is disabled.

Here are the logs you requested.

OTL.txt

OTL logfile created on: 12/9/2009 12:10:19 PM - Run 1
OTL by OldTimer - Version 3.1.12.0 Folder = C:\Documents and Settings\Serie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 59.81% Memory free
2.11 Gb Paging File | 1.66 Gb Available in Paging File | 78.70% Paging File free
Paging file location(s): C:\pagefile.sys 768 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.27 Gb Total Space | 10.04 Gb Free Space | 9.36% Space Free | Partition Type: NTFS
Drive D: | 4.53 Gb Total Space | 0.77 Gb Free Space | 16.95% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IVAN
Current User Name: Serie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/09 12:01:48 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Serie\Desktop\OTL.exe
PRC - [2009/11/26 08:36:10 | 02,029,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/30 19:58:42 | 00,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/31 07:27:57 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/31 07:27:56 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/07/31 07:27:48 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/31 07:27:45 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/07/31 07:27:36 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/01 09:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/05/28 06:32:28 | 00,380,416 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2009/05/28 06:32:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2008/08/05 11:19:36 | 00,417,792 | ---- | M] (mental images GmbH) -- C:\spm\spmdib.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 18:07:58 | 01,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/02/28 18:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/15 21:23:15 | 01,073,152 | ---- | M] () -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe
PRC - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/04/10 13:24:20 | 00,049,220 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
PRC - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/06/17 13:35:50 | 00,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/06/17 13:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/04/23 14:00:48 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/09/07 12:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2003/02/21 04:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2003/02/21 03:50:10 | 00,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2003/02/11 19:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2002/04/17 17:49:16 | 00,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 17:42:56 | 00,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [1998/05/07 16:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/09 12:01:48 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Serie\Desktop\OTL.exe
MOD - [2005/11/28 12:57:10 | 00,512,090 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll
MOD - [2004/09/18 14:37:00 | 00,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/31 07:27:48 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/07/31 07:27:36 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/28 06:32:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/03/16 17:39:00 | 02,800,669 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/12/31 13:12:44 | 00,910,600 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine)
SRV - [2008/12/31 13:12:40 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent)
SRV - [2008/11/11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/08/05 11:19:36 | 00,417,792 | ---- | M] (mental images GmbH) -- C:\spm\spmdib.exe -- (spmd)
SRV - [2008/02/28 18:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/03/21 11:57:56 | 00,516,096 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2007/03/11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/05 09:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/25 10:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/25 14:55:58 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/12/14 01:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/17 13:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2005/05/07 14:34:39 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2003/02/21 04:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)


========== Driver Services (SafeList) ==========

DRV - [2009/07/31 07:27:56 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/07/31 07:27:56 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/28 06:32:24 | 00,108,032 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/04/30 07:09:05 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/04/30 07:09:01 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/03/19 12:48:18 | 00,136,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/03/19 12:48:12 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/02/09 06:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 06:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 06:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 06:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/02/01 16:10:02 | 00,094,208 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2009/02/01 16:09:40 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/08/28 13:16:40 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\system32\drivers\DefragFS.sys -- (DefragFS)
DRV - [2008/08/26 09:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 12:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008/04/13 11:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/02/20 12:47:34 | 00,027,936 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/07 07:18:54 | 00,007,936 | R--- | M] (Initio Corporation) -- C:\WINDOWS\system32\drivers\inidvd.sys -- (INIDVD)
DRV - [2007/04/23 04:03:04 | 00,082,200 | ---- | M] (Locktime Software) -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2007/03/07 21:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/03/07 21:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/03/07 21:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (Cptiquisaic)
DRV - [2007/03/07 21:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/27 11:39:26 | 00,032,256 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/01/25 10:31:34 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/10/22 11:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/10/10 12:53:48 | 00,005,632 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/04/09 22:02:18 | 00,162,816 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt25usbap.sys -- (RT25USBAP)
DRV - [2006/02/16 16:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/05/03 08:34:02 | 00,027,392 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/04/21 04:40:36 | 00,010,624 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2004/10/07 18:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 09:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/22 15:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 15:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/08/03 22:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:51 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/03/14 01:14:28 | 00,112,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/03/14 01:14:16 | 00,078,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/03/14 01:13:04 | 00,090,395 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2003/03/07 22:13:22 | 00,624,369 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/26 19:19:50 | 00,260,736 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/02/22 19:55:26 | 00,141,824 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2002/12/27 11:41:00 | 00,026,880 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/24 22:09:48 | 00,030,848 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/21 10:21:00 | 00,082,784 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\System32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2002/10/01 08:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/06 18:24:00 | 00,013,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/08/29 12:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/06/04 13:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/04/09 13:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\S-1-5-21-3874153118-2467180674-3659626198-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\S-1-5-21-3874153118-2467180674-3659626198-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/04/09 16:52:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/28 16:24:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/28 16:24:27 | 00,000,000 | ---D | M]

[2008/06/20 17:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Extensions
[2009/11/27 21:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions
[2009/06/20 08:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2009/09/05 18:32:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/15 01:17:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2008/06/20 17:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}
[2009/11/21 08:25:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/06/20 17:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\videodowloader@videodownloader.net
[2009/11/27 21:04:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 21:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - Reg Error: Value error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (interMute, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe File not found
O4 - Startup: C:\Documents and Settings\Serie\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Serie\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Serie\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67105791
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 50320383
O7 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1180790481218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8464.9536689815 (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/02 19:41:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/02 19:33:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{68185e30-b5e1-11dc-9993-000c6e914d85}\Shell - "" = AutoRun
O33 - MountPoints2\{68185e30-b5e1-11dc-9993-000c6e914d85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{68185e30-b5e1-11dc-9993-000c6e914d85}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/09 12:09:54 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Serie\Desktop\OTL.exe
[2009/11/28 20:53:00 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/11/28 16:28:11 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Serie\Recent
[2009/11/27 07:36:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Serie\Desktop\Bleach_383[SleepyFans]
[2009/11/19 20:58:09 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/11/19 20:58:08 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/11/19 20:58:08 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/11/19 20:58:01 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/11/15 15:09:32 | 00,000,000 | ---D | C] -- C:\Program Files\WiFiConnector
[2009/11/13 07:02:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Serie\Desktop\Bleach_382_[SS]
[2009/02/01 16:10:02 | 00,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\Serie\Application Data\ezplay.sys
[2009/02/01 16:09:40 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Serie\Application Data\pcouffin.sys
[2006/12/24 01:28:04 | 01,706,800 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
[2006/12/24 01:28:04 | 00,239,224 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
[2005/07/03 20:04:33 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2005/07/03 20:04:33 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/09 12:03:31 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/12/09 12:03:28 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/09 12:03:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/09 12:02:39 | 00,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2009/12/09 12:02:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/09 12:02:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/09 12:02:26 | 16,100,10624 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/09 12:01:48 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Serie\Desktop\OTL.exe
[2009/11/30 07:03:12 | 15,204,352 | ---- | M] () -- C:\Documents and Settings\Serie\NTUSER.DAT
[2009/11/28 17:03:57 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\qtkkq83s.exe
[2009/11/28 17:00:50 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 16:24:31 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/28 15:56:11 | 00,019,508 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Miki Fujimoto - Zoomin & Mezamado 20091127.avi.torrent
[2009/11/28 15:50:53 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/28 08:33:22 | 45,855,703 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/28 07:22:28 | 00,015,511 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Sayumi Michishige -Mecha Mecha Iketeru 20091128.avi.torrent
[2009/11/28 00:26:56 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/27 16:32:30 | 00,105,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/26 19:36:25 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/26 19:36:25 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/19 20:04:23 | 07,428,398 | -H-- | M] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\IconCache.db
[2009/11/18 16:29:04 | 13,271,714 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Big_Bang_-_Haru_Haru__ENGLISH_SUBBED_.flv
[2009/11/18 07:10:10 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Dream notes.doc
[2009/11/17 22:58:34 | 04,243,389 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Fireflies (Lady GayGay Remix).m4a
[2009/11/15 15:09:41 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
[2009/11/13 18:13:40 | 09,544,474 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\CHEAT.db
[2009/11/12 20:30:37 | 01,752,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 23:59:32 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\You.doc
[2009/11/11 19:21:11 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2009/11/11 18:45:27 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\MLSCI 230 Case Study Logbook.doc
[2009/11/10 23:31:12 | 00,000,280 | ---- | M] () -- C:\WINDOWS\System32\PDBootState
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/28 17:03:50 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\qtkkq83s.exe
[2009/11/28 16:53:44 | 16,100,10624 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/28 15:56:10 | 00,019,508 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\Miki Fujimoto - Zoomin & Mezamado 20091127.avi.torrent
[2009/11/28 07:22:27 | 00,015,511 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\Sayumi Michishige -Mecha Mecha Iketeru 20091128.avi.torrent
[2009/11/26 19:36:25 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/26 19:36:25 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/19 20:58:10 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/19 20:58:09 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/11/19 20:58:07 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/19 20:58:06 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/19 20:58:03 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/19 20:58:03 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/11/18 16:25:04 | 13,271,714 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\Big_Bang_-_Haru_Haru__ENGLISH_SUBBED_.flv
[2009/11/17 22:58:33 | 04,243,389 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\Fireflies (Lady GayGay Remix).m4a
[2009/11/15 15:09:41 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
[2009/11/13 18:13:39 | 09,544,474 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\CHEAT.db
[2009/11/11 23:35:09 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\You.doc
[2009/11/11 19:21:11 | 00,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2009/11/11 17:50:57 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\MLSCI 230 Case Study Logbook.doc
[2009/06/27 23:19:54 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/06/02 21:47:53 | 00,002,580 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/02/24 22:56:33 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2009/02/08 00:36:43 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/01 16:10:18 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\ezplay.log
[2009/02/01 16:10:02 | 00,007,861 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\ezplay.cat
[2009/02/01 16:10:02 | 00,001,103 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\ezplay.inf
[2009/02/01 16:10:02 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\ezplay.ini
[2009/02/01 16:10:00 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\pcouffin.log
[2009/02/01 16:09:40 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\pcouffin.cat
[2009/02/01 16:09:40 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\pcouffin.inf
[2009/01/21 17:34:04 | 00,000,136 | -H-- | C] () -- C:\Documents and Settings\Serie\Application Data\lakerda1967.sys
[2009/01/21 17:33:56 | 00,010,584 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\docXConverter (3).ini
[2008/12/12 19:23:36 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/13 23:42:00 | 00,000,123 | ---- | C] () -- C:\WINDOWS\imdw.ini
[2008/09/29 05:32:52 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\winscp.rnd
[2008/09/28 15:21:46 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\PUTTY.RND
[2008/08/01 21:06:52 | 00,001,341 | ---- | C] () -- C:\WINDOWS\ccatalog.INI
[2008/06/20 17:50:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2008/06/20 17:22:53 | 00,042,496 | ---- | C] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/20 17:22:53 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\fusioncache.dat
[2008/06/20 17:03:40 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\PFP100JPR.{PB
[2008/06/20 17:03:40 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\PFP100JCM.{PB
[2008/05/10 08:36:10 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/02/20 12:59:06 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2007/10/02 15:09:16 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/07/21 17:45:12 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/05/11 20:04:58 | 00,004,788 | ---- | C] () -- C:\Program Files\serie.php
[2007/04/10 07:48:13 | 00,001,579 | ---- | C] () -- C:\Program Files\index.php
[2007/01/25 10:31:36 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/12/24 01:28:04 | 00,009,660 | ---- | C] () -- C:\Program Files\help.htm
[2006/11/04 17:28:16 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/22 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 11:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/11 19:59:39 | 00,000,072 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006/08/02 20:46:03 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006/08/02 20:46:02 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/08/02 20:46:02 | 00,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/01/06 09:06:43 | 00,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2006/01/06 01:05:12 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/12/21 03:42:08 | 02,637,824 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/12/21 03:42:08 | 00,428,032 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/12/21 03:42:08 | 00,399,872 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2005/12/21 03:42:08 | 00,353,280 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2005/12/21 03:42:08 | 00,228,352 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2005/12/21 03:42:08 | 00,205,312 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/12/21 03:42:08 | 00,171,008 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2005/12/21 03:42:08 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2005/12/21 03:42:08 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2005/12/21 03:42:08 | 00,124,928 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/12/21 03:42:08 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2005/12/21 03:42:08 | 00,113,664 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2005/12/21 03:42:08 | 00,103,424 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2005/12/21 03:42:08 | 00,092,672 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2005/12/21 03:42:08 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2005/12/21 03:42:08 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2005/04/23 17:18:36 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/23 17:09:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PCCBrows.INI
[2005/02/23 20:39:42 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005/02/08 16:25:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/22 16:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/04/29 17:00:00 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/03/28 23:07:23 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2004/03/28 23:04:13 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2004/03/01 17:40:40 | 00,006,936 | ---- | C] () -- C:\WINDOWS\Go Screensaver.ini
[2004/01/05 16:56:11 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2004/01/02 17:22:08 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/01/01 16:38:07 | 00,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2003/12/26 01:45:02 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003/12/17 03:08:28 | 00,000,666 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/11/16 02:48:02 | 00,909,312 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/11/16 02:48:00 | 01,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/11/15 09:54:18 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/10/19 11:23:33 | 01,036,800 | ---- | C] () -- C:\WINDOWS\System32\libmpeg-1.0.0.dll
[2003/10/19 11:23:33 | 00,987,136 | ---- | C] () -- C:\WINDOWS\System32\liboggvorbis-1.0.0.dll
[2003/10/19 11:23:33 | 00,696,832 | ---- | C] () -- C:\WINDOWS\System32\libmcl-2.8.0.dll
[2003/10/03 10:10:14 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2003/10/03 10:10:14 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2003/10/03 10:10:13 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2003/09/29 15:37:53 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/09/29 15:02:14 | 00,000,092 | ---- | C] () -- C:\WINDOWS\SC_CWADA.INI
[2003/09/26 16:20:04 | 00,000,596 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2003/09/13 20:45:13 | 00,000,000 | ---- | C] () -- C:\Program Files\stats.txt
[2003/09/13 20:45:07 | 00,197,712 | ---- | C] () -- C:\Program Files\Uninst.isu
[2003/09/13 20:44:24 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2003/09/13 18:46:20 | 00,002,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/09/13 07:34:52 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/09/02 14:07:33 | 00,000,045 | ---- | C] () -- C:\WINDOWS\AKCHNIMN.ini
[2003/08/19 20:58:10 | 00,002,728 | ---- | C] () -- C:\WINDOWS\universe_plugin.ini
[2003/08/07 12:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/07/28 13:19:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/07/28 13:19:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/07/14 22:07:24 | 00,000,349 | ---- | C] () -- C:\WINDOWS\NJWIN.INI
[2003/06/22 17:17:44 | 00,000,040 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/05/18 20:05:13 | 00,030,720 | ---- | C] () -- C:\WINDOWS\System32\BnetAuth.dll
[2003/05/16 09:05:01 | 00,000,023 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2003/04/10 04:35:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 04:21:36 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 01:51:07 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 01:51:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/04/10 00:32:34 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/04/10 00:32:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/10 00:06:10 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 00:03:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 00:03:38 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/09 23:57:15 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/09 23:57:04 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/09 23:16:44 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/09 22:44:58 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/09 22:44:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/09 22:44:29 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/09 22:23:21 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/09 22:05:45 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/19 16:50:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/11/27 04:30:32 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/10/15 15:54:04 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/10/06 15:42:58 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/05/24 08:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 08:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/08/14 18:47:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
[2000/10/30 11:04:00 | 00,000,209 | ---- | C] () -- C:\WINDOWS\Ic32.ini
[1999/07/06 17:00:00 | 00,000,006 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D81EDBF9-D167-4011-B77D-211DF920EB80
[1999/01/22 11:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/18 00:00:00 | 01,672,976 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/18 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 00:00:00 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/06/18 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Unicode (All) ==========
[2009/11/28 08:04:04 | 24,717,6841 | ---- | M] ()(C:\Documents and Settings\Serie\Desktop\11eyes-?????????-.rar) -- C:\Documents and Settings\Serie\Desktop\11eyes-罪と罰と贖いの少女-.rar
[2009/11/28 07:57:20 | 24,717,6841 | ---- | C] ()(C:\Documents and Settings\Serie\Desktop\11eyes-?????????-.rar) -- C:\Documents and Settings\Serie\Desktop\11eyes-罪と罰と贖いの少女-.rar
[2009/07/29 20:54:45 | 00,000,683 | ---- | M] ()(C:\Documents and Settings\Serie\My Documents\?????????.csv) -- C:\Documents and Settings\Serie\My Documents\新規チェックリスト.csv
[2009/07/29 20:54:45 | 00,000,683 | ---- | C] ()(C:\Documents and Settings\Serie\My Documents\?????????.csv) -- C:\Documents and Settings\Serie\My Documents\新規チェックリスト.csv
[2008/06/20 17:09:52 | 00,001,631 | ---- | C] ()(C:\Documents and Settings\Serie\Desktop\Ef ????.lnk) -- C:\Documents and Settings\Serie\Desktop\Ef クロック.lnk
[2007/12/14 14:52:04 | 00,001,631 | ---- | M] ()(C:\Documents and Settings\Serie\Desktop\Ef ????.lnk) -- C:\Documents and Settings\Serie\Desktop\Ef クロック.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\halloween trick.PSD:SummaryInformation
@Alternate Data Stream - 287 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6686D8
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48A9EADC
< End of report >


Extras.txt

OTL Extras logfile created on: 12/9/2009 12:10:20 PM - Run 1
OTL by OldTimer - Version 3.1.12.0 Folder = C:\Documents and Settings\Serie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 59.81% Memory free
2.11 Gb Paging File | 1.66 Gb Available in Paging File | 78.70% Paging File free
Paging file location(s): C:\pagefile.sys 768 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.27 Gb Total Space | 10.04 Gb Free Space | 9.36% Space Free | Partition Type: NTFS
Drive D: | 4.53 Gb Total Space | 0.77 Gb Free Space | 16.95% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IVAN
Current User Name: Serie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3874153118-2467180674-3659626198-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [open_x2] -- "C:\Program Files\zabkat\xplorer2\xplorer2_uc.exe" /1 /M /T "%1" (ZabKat)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Enabled:BackWeb-137903 -- ()
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\FileZilla\FileZilla.exe" = C:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla -- (FileZilla Project)
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus -- (SpeedBit Ltd.)
"C:\Starcraft\starcraft.exe" = C:\Starcraft\starcraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\OroBaduk\OrO20.exe" = C:\Program Files\OroBaduk\OrO20.exe:*:Enabled:OrO20 -- ()
"C:\sysreset\mirc.exe" = C:\sysreset\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Share\Share.exe" = C:\Program Files\Share\Share.exe:*:Enabled:Share -- ()
"C:\Program Files\Trickster Online\Splash.exe" = C:\Program Files\Trickster Online\Splash.exe:*:Enabled:Trickster Online -- ()
"C:\Starcraft\SCXE Start.exe" = C:\Starcraft\SCXE Start.exe:*:Enabled:0 - StarCraft X-tra Editor - Launch Wizard -- (Camelot Systems)
"C:\SoftImage\XSI_7.0\Application\bin\XSI.exe" = C:\SoftImage\XSI_7.0\Application\bin\XSI.exe:*:Disabled:XSI -- (Softimage Co.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
"C:\Program Files\Persona\Persona.exe" = C:\Program Files\Persona\Persona.exe:*:Enabled:Persona -- (CDNetworks Co.,Ltd)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\Acoustica Mixcraft\Mixcraft4.exe" = C:\Program Files\Acoustica Mixcraft\Mixcraft4.exe:*:Disabled:Mixcraft 4 -- (Acoustica, Inc)
"C:\Documents and Settings\Serie\Desktop\SC2-battlereport-4_ESRB-downloader.exe" = C:\Documents and Settings\Serie\Desktop\SC2-battlereport-4_ESRB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05DC6B8D-4456-4CA6-8DE7-086106D7ED56}" = Digimax i5
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{150C6C87-D187-4105-BF7A-090378D7AE2A}" = Nokia Ovi Suite
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18B5996A-643E-4176-9BEB-27C45C9F1FC3}" = Nokia Map Loader
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Productivity Pack
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}" = PerfectDisk 2008 Professional
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{31EFCF55-4D14-4796-B5F5-BBB58E9B5BBC}" = SOFTIMAGE XSI 7.0
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E90FA5-2CB4-4039-A8BB-BE1B9DB94E21}" = HP Memories Disc
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{4038EAF0-6F8E-4068-88F6-A417958B8AC5}" = PDF Manual NW-E010 Series
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}" = HP Digital Imaging Album Printing 1.0
"{48BD24F5-13DE-493A-A7CE-28A85113FF0C}" = HP Deskjet printer preloaded drivers
"{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}" = Nokia Ovi One Touch Access
"{4F5FC172-F0E7-4EA5-902F-8D005DF9F000}" = HP Photo and Imaging 1.2 - Photosmart Cameras
"{4FCC384C-18EA-4E25-9281-A06AE006D219}" = Weblink
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51E43DA1-CAEA-4264-9BB8-3F47ED57E2A4}" = TI InterActive!
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CC86AA7-3D8F-4E40-AC37-ADBA0F4B5819}" = Terragen
"{60E80B13-8649-4A69-85E2-1AE99E061F43}" = ShowBiz DVD
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Simple Backup for My Pictures
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6A8A3B60-52B4-437F-9281-D63930B42535}" = AudioAlchemy MP3 Edition
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72E3FF67-450F-4ADD-99A7-4147780F6C7B}_is1" = Shaw Support 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DE258A5-9085-4C94-9BDA-9539ED0D0F6A}" = openCanvas4.5.17e Plus
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E88DAA4-1352-4272-BA3A-897668408400}" = HP Photosmart printers preloaded drivers
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-5670-0000-7E8A45000001}" = Adobe Reader Korean Fonts
"{AC76BA86-7AD7-5A76-5A64-7E8A45000001}" = Adobe Reader Japanese Fonts
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0B49C20-D2D1-437B-80F0-C2298F5DCD2B}" = Nokia Photos
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B6B69D92-6CD8-4086-8D1D-7945BDA4AE5A}" = F4100_Help
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative Zen Nano Plus
"{BBAB8CE2-6AE2-497C-A745-67A61134E72C}" = PIF DESIGNER2.1
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing
"{BEC99D86-1D70-4AB8-8D15-E116392F9B7D}" = Nokia Music
"{C0608AE3-FAFD-4702-A79C-67CC6A2F71B7}" = OroBaduk
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C2230B7B-379C-4961-83E6-286941762F27}" = S60 3rd Edition SDK for Symbian OS, Supporting Feature Pack 1, for MIDP
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C7CDB2AC-A0AB-4D83-B046-187E24D9EA68}" = Nokia Ovi System Utilities
"{C9D88AF8-7B0A-4200-BFBC-7827A7535096}" = F4100_doccd
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype・4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2975B11-82F4-47D9-A0AC-99E36A0E9ECB}" = SOFTIMAGE License Server 1.1.11.1502
"{D353C323-5E95-4873-9825-9FEC1C8A3794}" = Nokia Download!
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF15059E-A356-47B2-B14B-6380ED32AB68}" = Microsoft Baseline Security Analyzer 1.2.1
"{E144A786-D2DD-428B-9C1A-0EE3FA3515EA}" = Rappelz_USA
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8FED11D-3584-4a72-8B26-E0951B655797}" = F4100
"{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ABC286C-DE10-4590-BEFF-4D0DFF5EA1EC" = GemMaster 3 from Hewlett-Packard Desktops (remove only)
"28BA89E7-2F60-4BE7-BAA2-7949EB3FE527" = BlasterBall Wild from Hewlett-Packard Desktops (remove only)
"357ECB62-CD36-4B63-B57E-769D0CA174F4" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"4F0AE1FB-4082-4A27-8363-05D292D92FB0" = Virtual Warfare from Hewlett-Packard Desktops (remove only)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5415BC25-6D6C-46C4-B34C-EA8470FE56D5" = Blackhawk Striker from Hewlett-Packard Desktops (remove only)
"63272979-21F0-48EF-9B97-A83DBC05BE39" = Disney`s Lilo and Stitch Pinball from Hewlett-Packard Desktops (remove only)
"753FE96B-D926-4B6C-BCFB-CC59153D004A" = Snowboard Extreme from Hewlett-Packard Desktops (remove only)
"7841B68B-B7DD-408E-8B45-D5CA39608185" = Dark Orbit from Hewlett-Packard Desktops (remove only)
"7-Zip" = 7-Zip 4.57
"8461-7759-5462-8226" = Vuze
"8c9c48d7-2d03-4a1f-a303-5bd22ccabae1" = RingMaster from Hewlett-Packard Desktops (remove only)
"9FA01E11-9015-4140-B10A-5C6AA949B2FC" = Space Rocks from Hewlett-Packard Desktops (remove only)
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft" = Acoustica Mixcraft
"Acoustica Mixcraft 4.2" = Acoustica Mixcraft 4.2
"Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Advanced Grapher_is1" = Advanced Grapher 2.08
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"ArcSoft Software Suite" = ArcSoft Picture Software
"AsUninst.exe" = Anvil Studio
"Audacity_is1" = Audacity 1.2.6
"AudioAlchemy MP3 Edition" = AudioAlchemy MP3 Edition
"AVG8Uninstall" = AVG 8.5
"Azureus" = Azureus
"BackWeb-137903 Uninstaller" = Updates from HP
"CCleaner" = CCleaner (remove only)
"CLANNAD" = CLANNAD スクリーンセーバー
"CloneCD" = CloneCD
"CobBackup9" = Cobian Backup 9
"DC" = D.C. ~ダ・カーポ~
"Defraggler" = Defraggler (remove only)
"DF479CEA-34C0-460F-9B56-93BCE4CD4086" = Excavation from Hewlett-Packard Desktops (remove only)
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DSMT5" = MathType 5
"ef デスクトップアクセサリ_is1" = ef デスクトップアクセサリ
"eMule" = eMule
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.2.4.1
"FlashGet" = FlashGet 1.9.6.1073
"FLVPlayer" = FLV Player 1.3.3
"foobar2000" = foobar2000 v0.9.6.3
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.2
"GREEN ~秋空のスクリーン~" = GREEN ~秋空のスクリーン~
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"hp instant support" = HP Instant Support
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPTOOLKIT" = toolkit
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InFlac" = InFlac 1.1.1
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"IsoBuster_is1" = IsoBuster 2.4
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full)
"LastFM_is1" = Last.fm 1.5.4.24567
"LG USB Booster_is1" = Booster 1.03
"LUNA_US_090414" = LUNA Online v1.0.0
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"mIRC" = mIRC
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mumble" = Mumble and Murmur
"MuVo Driver" = Creative Mass Storage Drivers
"Neat Image_is1" = Neat Image v5 Demo
"NetLimiter 2 Pro" = NetLimiter 2 Pro (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3011
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3014
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Panda ActiveScan" = Panda ActiveScan
"Pangya" = Pangya (Ntreev USA)
"Persona" = Hybrid Downloader 1,0,2,6
"PFPortChecker" = PFPortChecker 1.0.28
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealPlayer
"Registry Repair_is1" = Registry Repair 2.3
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Sandboxie" = Sandboxie 3.38
"Shaw Internet Update_is1" = Shaw Internet Update 3.0
"SpamSubtract" = SpamSubtract
"ST6UNST #1" = StarForge
"Starcraft" = Starcraft
"StealthBot v2.6 Revision 3" = StealthBot v2.6 Revision 3 (remove only)
"StepMania" = StepMania (remove only)
"SubtitDS" = DirectShow subtitle filter colleciton (remove only)
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Tablet Driver" = Tablet
"The Core Media Player" = The Core Media Player 4.0
"Trickster Online" = Trickster Online
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Tweak UI 2.10" = Tweak UI
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Uninstall_is1" = Uninstall 1.0.0.1
"Universe Image Creator Plug-ins_is1" = Universe Image Creator Plug-ins
"Unlocker" = Unlocker 1.8.7
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WeatherBug" = WeatherBug
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"Winamp" = Winamp
"Winamp Japanese Language Pack_is1" = Winamp Japanese Language Pack 0.2
"WindowBlinds" = WindowBlinds
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Productivity Pack" = WordPerfect Productivity Pack
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xmlbar Ku6Downloader" = Ku6 Downloader(xmlbar)(remove only)
"xplorer2p" = xplorer² professional
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YunaSoft SexyFont Plug-in for Winamp" = YunaSoft SexyFont Plug-in 2000 for Winamp (remove only)
"Zero Assumption Disk Space Visualizer_is1" = Zero Assumption Disk Space Visualizer 1.2
"山百合連弾-LilianFourhand-" = 山百合連弾-LilianFourhand- アンインストール

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3874153118-2467180674-3659626198-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CGoban 3" = CGoban 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/29/2009 12:27:37 AM | Computer Name = IVAN | Source = Application Error | ID = 1000
Description = Faulting application PD91Agent.exe, version 9.0.0.76, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/29/2009 12:28:19 AM | Computer Name = IVAN | Source = Application Error | ID = 1000
Description = Faulting application nmindexstoresvr.exe, version 3.3.3.0, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 11/29/2009 12:36:02 AM | Computer Name = IVAN | Source = SPM_syslog | ID = 4100
Description = SPM_ERROR (C:\spm\spmdib.exe): Can't get display name for service:
"SPM License Server" (The specified service does not exist as an installed service.)


Error - 11/29/2009 12:37:00 AM | Computer Name = IVAN | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01f41596.

Error - 11/29/2009 12:39:54 AM | Computer Name = IVAN | Source = SPM_syslog | ID = 4100
Description = SPM_ERROR (C:\spm\spmdib.exe): Can't get display name for service:
"SPM License Server" (The specified service does not exist as an installed service.)


Error - 11/29/2009 12:42:05 AM | Computer Name = IVAN | Source = Application Error | ID = 1000
Description = Faulting application PD91Agent.exe, version 9.0.0.76, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/29/2009 12:43:19 AM | Computer Name = IVAN | Source = Application Error | ID = 1000
Description = Faulting application nmindexstoresvr.exe, version 3.3.3.0, faulting
module unknown, version 0.0.0.0, fault address 0x006421ba.

Error - 12/9/2009 3:02:36 PM | Computer Name = IVAN | Source = SPM_syslog | ID = 4100
Description = SPM_ERROR (C:\spm\spmdib.exe): Can't get display name for service:
"SPM License Server" (The specified service does not exist as an installed service.)


Error - 12/9/2009 3:03:41 PM | Computer Name = IVAN | Source = Application Error | ID = 1000
Description = Faulting application ps2.exe, version 1.0.2.1, faulting module ps2.exe,
version 1.0.2.1, fault address 0x00003383.

Error - 12/9/2009 3:04:44 PM | Computer Name = IVAN | Source = Application Error | ID = 1000
Description = Faulting application PD91Agent.exe, version 9.0.0.76, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 11/14/2009 7:52:10 PM | Computer Name = IVAN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.

Error - 11/14/2009 7:52:11 PM | Computer Name = IVAN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.

Error - 11/14/2009 7:52:12 PM | Computer Name = IVAN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.

Error - 11/14/2009 7:52:13 PM | Computer Name = IVAN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.

Error - 11/14/2009 7:52:14 PM | Computer Name = IVAN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.

Error - 11/14/2009 7:52:15 PM | Computer Name = IVAN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.

Error - 11/14/2009 7:52:16 PM | Computer Name = IVAN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.

Error - 11/14/2009 7:52:17 PM | Computer Name = IVAN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.

Error - 11/14/2009 7:52:18 PM | Computer Name = IVAN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.

Error - 11/14/2009 7:52:18 PM | Computer Name = IVAN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.


< End of report >
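Added example (not part of the thread, and not OTL's own code): a Python parser for the `path:scope:state:name -- (company)` values in the Authorized Applications List of the log above, which queues firewall exceptions for manual review. The flag names, the two "standard" install roots and the two-flag threshold are assumptions made for this example; a flag marks an entry worth checking, not a detection.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Six entries copied verbatim from the Authorized Applications List in the log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Enabled:BackWeb-137903 -- ()
"C:\sysreset\mirc.exe" = C:\sysreset\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Documents and Settings\Serie\Desktop\SC2-battlereport-4_ESRB-downloader.exe" = C:\Documents and Settings\Serie\Desktop\SC2-battlereport-4_ESRB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
'''

SECTION = re.compile(r'^\[.*\\FirewallPolicy\\(\w+)\\AuthorizedApplications\\List\]$')
# "<key>" = <path>:<scope>:<Enabled|Disabled>:<display name> -- <(company)|File not found>
# The path itself contains "C:", so the scope field is forbidden from holding ":" or "\".
ENTRY = re.compile(
    r'^"[^"]+" = (?P<path>.+?):(?P<scope>[^:\\]+):(?P<state>Enabled|Disabled):'
    r'(?P<name>.*?) -- (?P<owner>\(.*\)|File not found)$'
)

# Review heuristics chosen for this example (assumptions, not OTL or Microsoft rules).
STANDARD_ROOTS = ('c:\\program files\\', 'c:\\windows\\')


@dataclass
class AppRule:
    profile: str
    path: str
    scope: str
    enabled: bool
    name: str
    company: Optional[str]      # None when OTL printed "File not found"
    flags: List[str] = field(default_factory=list)


def triage(rule: AppRule) -> List[str]:
    """Return review flags for one exception; a disabled rule opens nothing."""
    if not rule.enabled:
        return []
    flags = []
    if rule.company is None:
        flags.append('file-missing')      # the rule outlived its binary
    elif rule.company == '':
        flags.append('no-company')        # OTL printed an empty company field
    if not rule.path.lower().startswith(STANDARD_ROOTS):
        flags.append('nonstandard-path')
    if rule.scope == '*':
        flags.append('any-source')        # exception applies to any remote address
    return flags


def parse_authorized_apps(text: str) -> List[AppRule]:
    """Parse every AuthorizedApplications\\List section found in an OTL log."""
    rules, profile = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            profile = header.group(1)     # DomainProfile or StandardProfile
            continue
        if line.startswith('[') or line.startswith('====='):
            profile = None                # left the firewall application list
            continue
        entry = ENTRY.match(line) if profile else None
        if not entry:
            continue
        owner = entry.group('owner')
        rule = AppRule(
            profile=profile,
            path=entry.group('path'),
            scope=entry.group('scope'),
            enabled=entry.group('state') == 'Enabled',
            name=entry.group('name'),
            company=None if owner == 'File not found' else owner[1:-1],
        )
        rule.flags = triage(rule)
        rules.append(rule)
    return rules


def review_queue(rules: List[AppRule]) -> List[AppRule]:
    """Rules with two or more flags, most flags first (log order kept for ties)."""
    return sorted((r for r in rules if len(r.flags) >= 2), key=lambda r: -len(r.flags))


if __name__ == '__main__':
    for r in review_queue(parse_authorized_apps(SAMPLE_LOG)):
        print(f"{r.profile:16} {','.join(r.flags):45} {r.path}")
```
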

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:31 PM

Posted 09 December 2009 - 06:24 PM

Hi sei,

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

Edited by syler, 09 December 2009 - 06:24 PM.



#5 Sei

Sei
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  • Local time:12:31 PM

Posted 09 December 2009 - 07:21 PM

I turned off my AVG resident shield and closed as many programs as I could but am not able to get a complete scan. GMER runs for a few seconds and begins to scan then freezes and crashes, much like MBAM, although MBAM just disappears while GMER crashes with a Windows error message reading "ud0x185h.exe (GMER) has encountered a problem and needs to close."

If this provides any extra information, it gets close to the end of SYSTEM\CurrentControlSet\Services, around the W's or {'s names before crashing, which occurs in about 3-5 seconds.

#6 syler

Posted 10 December 2009 - 08:22 AM

OK, let's try something else.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    Link 1
    Link 2
    Link 3

  • Double click on Syler.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt.


#7 Sei

Posted 10 December 2009 - 11:22 AM

That one ran just fine :( Here's the log

Attached Files



#8 syler

Posted 10 December 2009 - 12:40 PM

Your logs are showing a possible Rootkit infection. I would like to try and get a Gmer log again to confirm this.


Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Then please try running Gmer again; this time untick the following boxes on the right side of the Gmer screen.

Sections
IAT/EAT
Show All


#9 Sei

Posted 10 December 2009 - 12:56 PM

I ran defogger and it completed successfully.

I tried GMER again but it still crashed the same as before. I located the Microsoft error report generated and will attach it here in case that might contain some useful information.

Attached Files



#10 syler

Posted 10 December 2009 - 01:05 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT
  • Then click the Run Scan button at the top
  • Let the program run unhindered.
  • You will get a log that shows the results of the scan. Please post it.
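
An added example, not part of syler's post and not OTL's own code: a Python sketch of the kind of check the /md5start ... /md5stop list asks for, hashing every on-disk copy of the named files so the copies can be compared. The function names, the status labels and the sample directory tree are assumptions made up for this illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names copied from the /md5start ... /md5stop list in the post above.
TARGETS = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll",
    "sceclt.dll", "ntelogon.dll", "logevent.dll", "iaStor.sys",
    "nvstor.sys", "atapi.sys", "IdeChnDr.sys", "viasraid.sys",
    "AGP440.sys", "vaxscsi.sys", "nvatabus.sys", "viamraid.sys",
    "nvata.sys", "nvgts.sys", "iastorv.sys", "ViPrt.sys",
]


def md5_of(path, chunk_size=65536):
    """Return the hex MD5 of a file, reading it in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def hash_copies(root, targets=TARGETS):
    """Walk root and hash every file whose name matches a target (case-insensitive).

    Returns {lowercased name: [(path, md5 or None)]}; None marks a copy that
    could not be read, which is itself worth reporting.
    """
    wanted = {name.lower() for name in targets}
    found = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            key = filename.lower()
            if key not in wanted:
                continue
            full_path = os.path.join(dirpath, filename)
            try:
                found[key].append((full_path, md5_of(full_path)))
            except OSError:
                found[key].append((full_path, None))
    return dict(found)


def classify(found, targets=TARGETS):
    """Give each target one status so differing copies stand out.

    'mismatch' only says the copies differ; an older backup copy can differ
    legitimately, so each digest still has to be checked against a known-good
    value for that Windows build.
    """
    statuses = {}
    for name in targets:
        copies = found.get(name.lower(), [])
        digests = {md5 for _path, md5 in copies if md5 is not None}
        if not copies:
            status = "not found"
        elif any(md5 is None for _path, md5 in copies):
            status = "unreadable"
        elif len(digests) > 1:
            status = "mismatch"
        elif len(copies) == 1:
            status = "single copy"
        else:
            status = "consistent"
        statuses[name.lower()] = status
    return statuses


def demo():
    """Classify a constructed directory tree (sample bytes, not real drivers)."""
    layout = {
        ("system32", "drivers", "atapi.sys"): b"constructed driver body A",
        ("system32", "dllcache", "ATAPI.SYS"): b"constructed driver body B",
        ("system32", "eventlog.dll"): b"constructed dll body",
        ("system32", "dllcache", "eventlog.dll"): b"constructed dll body",
        ("system32", "netlogon.dll"): b"only one copy",
        ("system32", "notes.txt"): b"not on the list",
    }
    with tempfile.TemporaryDirectory() as root:
        for parts, body in layout.items():
            path = os.path.join(root, *parts)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(body)
        return classify(hash_copies(root))


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:15} {status}")
```

Against a live system a kernel-mode rootkit can filter file reads, so hashes are more trustworthy when taken from a trusted boot environment with the volume mounted offline.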


#11 Sei

Posted 10 December 2009 - 02:06 PM

Ever since I ran CF, my Nvidia graphics card is showing a message stating that there is not enough power being supplied to the card. Is this normal?

Here's the results from the OTL scan:

OTL logfile created on: 12/9/2009 12:10:19 PM - Run 1
OTL by OldTimer - Version 3.1.12.0 Folder = C:\Documents and Settings\Serie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 59.81% Memory free
2.11 Gb Paging File | 1.66 Gb Available in Paging File | 78.70% Paging File free
Paging file location(s): C:\pagefile.sys 768 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.27 Gb Total Space | 10.04 Gb Free Space | 9.36% Space Free | Partition Type: NTFS
Drive D: | 4.53 Gb Total Space | 0.77 Gb Free Space | 16.95% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IVAN
Current User Name: Serie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/09 12:01:48 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Serie\Desktop\OTL.exe
PRC - [2009/11/26 08:36:10 | 02,029,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/30 19:58:42 | 00,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/31 07:27:57 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/31 07:27:56 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/07/31 07:27:48 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/31 07:27:45 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/07/31 07:27:36 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/01 09:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/05/28 06:32:28 | 00,380,416 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2009/05/28 06:32:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2008/08/05 11:19:36 | 00,417,792 | ---- | M] (mental images GmbH) -- C:\spm\spmdib.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 18:07:58 | 01,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/02/28 18:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/15 21:23:15 | 01,073,152 | ---- | M] () -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe
PRC - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/04/10 13:24:20 | 00,049,220 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
PRC - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/06/17 13:35:50 | 00,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/06/17 13:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/04/23 14:00:48 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/09/07 12:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2003/02/21 04:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2003/02/21 03:50:10 | 00,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2003/02/11 19:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2002/04/17 17:49:16 | 00,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 17:42:56 | 00,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [1998/05/07 16:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/09 12:01:48 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Serie\Desktop\OTL.exe
MOD - [2005/11/28 12:57:10 | 00,512,090 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll
MOD - [2004/09/18 14:37:00 | 00,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/31 07:27:48 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/07/31 07:27:36 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/28 06:32:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/03/16 17:39:00 | 02,800,669 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/12/31 13:12:44 | 00,910,600 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine)
SRV - [2008/12/31 13:12:40 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent)
SRV - [2008/11/11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/08/05 11:19:36 | 00,417,792 | ---- | M] (mental images GmbH) -- C:\spm\spmdib.exe -- (spmd)
SRV - [2008/02/28 18:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/03/21 11:57:56 | 00,516,096 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2007/03/11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/05 09:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/25 10:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/25 14:55:58 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/12/14 01:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/17 13:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2005/05/07 14:34:39 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2003/02/21 04:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)


========== Driver Services (SafeList) ==========

DRV - [2009/07/31 07:27:56 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/07/31 07:27:56 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/28 06:32:24 | 00,108,032 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/04/30 07:09:05 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/04/30 07:09:01 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/03/19 12:48:18 | 00,136,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/03/19 12:48:12 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/02/09 06:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 06:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 06:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 06:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/02/01 16:10:02 | 00,094,208 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2009/02/01 16:09:40 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/08/28 13:16:40 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\system32\drivers\DefragFS.sys -- (DefragFS)
DRV - [2008/08/26 09:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 12:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008/04/13 11:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/02/20 12:47:34 | 00,027,936 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/07 07:18:54 | 00,007,936 | R--- | M] (Initio Corporation) -- C:\WINDOWS\system32\drivers\inidvd.sys -- (INIDVD)
DRV - [2007/04/23 04:03:04 | 00,082,200 | ---- | M] (Locktime Software) -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2007/03/07 21:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/03/07 21:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/03/07 21:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (Cptiquisaic)
DRV - [2007/03/07 21:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/27 11:39:26 | 00,032,256 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/01/25 10:31:34 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/10/22 11:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/10/10 12:53:48 | 00,005,632 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/04/09 22:02:18 | 00,162,816 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt25usbap.sys -- (RT25USBAP)
DRV - [2006/02/16 16:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/05/03 08:34:02 | 00,027,392 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/04/21 04:40:36 | 00,010,624 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2004/10/07 18:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 09:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/22 15:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 15:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/08/03 22:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:51 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/03/14 01:14:28 | 00,112,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/03/14 01:14:16 | 00,078,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/03/14 01:13:04 | 00,090,395 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2003/03/07 22:13:22 | 00,624,369 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/26 19:19:50 | 00,260,736 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/02/22 19:55:26 | 00,141,824 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2002/12/27 11:41:00 | 00,026,880 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/24 22:09:48 | 00,030,848 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/21 10:21:00 | 00,082,784 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\System32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2002/10/01 08:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/06 18:24:00 | 00,013,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/08/29 12:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/06/04 13:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/04/09 13:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\S-1-5-21-3874153118-2467180674-3659626198-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\S-1-5-21-3874153118-2467180674-3659626198-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/04/09 16:52:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/28 16:24:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/28 16:24:27 | 00,000,000 | ---D | M]

[2008/06/20 17:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Extensions
[2009/11/27 21:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions
[2009/06/20 08:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2009/09/05 18:32:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/15 01:17:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2008/06/20 17:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}
[2009/11/21 08:25:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/06/20 17:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\videodowloader@videodownloader.net
[2009/11/27 21:04:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 21:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - Reg Error: Value error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (interMute, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe File not found
O4 - Startup: C:\Documents and Settings\Serie\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Serie\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Serie\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67105791
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 50320383
O7 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3874153118-2467180674-3659626198-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1180790481218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8464.9536689815 (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/02 19:41:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/02 19:33:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{68185e30-b5e1-11dc-9993-000c6e914d85}\Shell - "" = AutoRun
O33 - MountPoints2\{68185e30-b5e1-11dc-9993-000c6e914d85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{68185e30-b5e1-11dc-9993-000c6e914d85}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/09 12:09:54 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Serie\Desktop\OTL.exe
[2009/11/28 20:53:00 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/11/28 16:28:11 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Serie\Recent
[2009/11/27 07:36:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Serie\Desktop\Bleach_383[SleepyFans]
[2009/11/19 20:58:09 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/11/19 20:58:08 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/11/19 20:58:08 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/11/19 20:58:01 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/11/15 15:09:32 | 00,000,000 | ---D | C] -- C:\Program Files\WiFiConnector
[2009/11/13 07:02:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Serie\Desktop\Bleach_382_[SS]
[2009/02/01 16:10:02 | 00,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\Serie\Application Data\ezplay.sys
[2009/02/01 16:09:40 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Serie\Application Data\pcouffin.sys
[2006/12/24 01:28:04 | 01,706,800 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
[2006/12/24 01:28:04 | 00,239,224 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
[2005/07/03 20:04:33 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2005/07/03 20:04:33 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/09 12:03:31 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/12/09 12:03:28 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/09 12:03:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/09 12:02:39 | 00,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2009/12/09 12:02:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/09 12:02:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/09 12:02:26 | 16,100,10624 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/09 12:01:48 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Serie\Desktop\OTL.exe
[2009/11/30 07:03:12 | 15,204,352 | ---- | M] () -- C:\Documents and Settings\Serie\NTUSER.DAT
[2009/11/28 17:03:57 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\qtkkq83s.exe
[2009/11/28 17:00:50 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 16:24:31 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/28 15:56:11 | 00,019,508 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Miki Fujimoto - Zoomin & Mezamado 20091127.avi.torrent
[2009/11/28 15:50:53 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/28 08:33:22 | 45,855,703 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/28 07:22:28 | 00,015,511 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Sayumi Michishige -Mecha Mecha Iketeru 20091128.avi.torrent
[2009/11/28 00:26:56 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/27 16:32:30 | 00,105,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/26 19:36:25 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/26 19:36:25 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/19 20:04:23 | 07,428,398 | -H-- | M] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\IconCache.db
[2009/11/18 16:29:04 | 13,271,714 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Big_Bang_-_Haru_Haru__ENGLISH_SUBBED_.flv
[2009/11/18 07:10:10 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Dream notes.doc
[2009/11/17 22:58:34 | 04,243,389 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Fireflies (Lady GayGay Remix).m4a
[2009/11/15 15:09:41 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
[2009/11/13 18:13:40 | 09,544,474 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\CHEAT.db
[2009/11/12 20:30:37 | 01,752,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 23:59:32 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\You.doc
[2009/11/11 19:21:11 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2009/11/11 18:45:27 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\MLSCI 230 Case Study Logbook.doc
[2009/11/10 23:31:12 | 00,000,280 | ---- | M] () -- C:\WINDOWS\System32\PDBootState
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/28 17:03:50 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\qtkkq83s.exe
[2009/11/28 16:53:44 | 16,100,10624 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/28 15:56:10 | 00,019,508 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\Miki Fujimoto - Zoomin & Mezamado 20091127.avi.torrent
[2009/11/28 07:22:27 | 00,015,511 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\Sayumi Michishige -Mecha Mecha Iketeru 20091128.avi.torrent
[2009/11/26 19:36:25 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/26 19:36:25 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/19 20:58:10 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/19 20:58:09 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/11/19 20:58:07 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/19 20:58:06 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/19 20:58:03 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/19 20:58:03 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/11/18 16:25:04 | 13,271,714 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\Big_Bang_-_Haru_Haru__ENGLISH_SUBBED_.flv
[2009/11/17 22:58:33 | 04,243,389 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\Fireflies (Lady GayGay Remix).m4a
[2009/11/15 15:09:41 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
[2009/11/13 18:13:39 | 09,544,474 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\CHEAT.db
[2009/11/11 23:35:09 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\You.doc
[2009/11/11 19:21:11 | 00,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2009/11/11 17:50:57 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\MLSCI 230 Case Study Logbook.doc
[2009/06/27 23:19:54 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/06/02 21:47:53 | 00,002,580 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/02/24 22:56:33 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2009/02/08 00:36:43 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/01 16:10:18 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\ezplay.log
[2009/02/01 16:10:02 | 00,007,861 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\ezplay.cat
[2009/02/01 16:10:02 | 00,001,103 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\ezplay.inf
[2009/02/01 16:10:02 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\ezplay.ini
[2009/02/01 16:10:00 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\pcouffin.log
[2009/02/01 16:09:40 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\pcouffin.cat
[2009/02/01 16:09:40 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\pcouffin.inf
[2009/01/21 17:34:04 | 00,000,136 | -H-- | C] () -- C:\Documents and Settings\Serie\Application Data\lakerda1967.sys
[2009/01/21 17:33:56 | 00,010,584 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\docXConverter (3).ini
[2008/12/12 19:23:36 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/13 23:42:00 | 00,000,123 | ---- | C] () -- C:\WINDOWS\imdw.ini
[2008/09/29 05:32:52 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\winscp.rnd
[2008/09/28 15:21:46 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\PUTTY.RND
[2008/08/01 21:06:52 | 00,001,341 | ---- | C] () -- C:\WINDOWS\ccatalog.INI
[2008/06/20 17:50:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2008/06/20 17:22:53 | 00,042,496 | ---- | C] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/20 17:22:53 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\fusioncache.dat
[2008/06/20 17:03:40 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\PFP100JPR.{PB
[2008/06/20 17:03:40 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\PFP100JCM.{PB
[2008/05/10 08:36:10 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/02/20 12:59:06 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2007/10/02 15:09:16 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/07/21 17:45:12 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/05/11 20:04:58 | 00,004,788 | ---- | C] () -- C:\Program Files\serie.php
[2007/04/10 07:48:13 | 00,001,579 | ---- | C] () -- C:\Program Files\index.php
[2007/01/25 10:31:36 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/12/24 01:28:04 | 00,009,660 | ---- | C] () -- C:\Program Files\help.htm
[2006/11/04 17:28:16 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/22 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 11:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/11 19:59:39 | 00,000,072 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006/08/02 20:46:03 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006/08/02 20:46:02 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/08/02 20:46:02 | 00,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/01/06 09:06:43 | 00,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2006/01/06 01:05:12 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/12/21 03:42:08 | 02,637,824 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/12/21 03:42:08 | 00,428,032 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/12/21 03:42:08 | 00,399,872 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2005/12/21 03:42:08 | 00,353,280 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2005/12/21 03:42:08 | 00,228,352 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2005/12/21 03:42:08 | 00,205,312 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/12/21 03:42:08 | 00,171,008 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2005/12/21 03:42:08 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2005/12/21 03:42:08 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2005/12/21 03:42:08 | 00,124,928 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/12/21 03:42:08 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2005/12/21 03:42:08 | 00,113,664 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2005/12/21 03:42:08 | 00,103,424 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2005/12/21 03:42:08 | 00,092,672 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2005/12/21 03:42:08 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2005/12/21 03:42:08 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2005/04/23 17:18:36 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/23 17:09:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PCCBrows.INI
[2005/02/23 20:39:42 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005/02/08 16:25:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/22 16:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/04/29 17:00:00 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/03/28 23:07:23 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2004/03/28 23:04:13 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2004/03/01 17:40:40 | 00,006,936 | ---- | C] () -- C:\WINDOWS\Go Screensaver.ini
[2004/01/05 16:56:11 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2004/01/02 17:22:08 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/01/01 16:38:07 | 00,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2003/12/26 01:45:02 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003/12/17 03:08:28 | 00,000,666 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/11/16 02:48:02 | 00,909,312 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/11/16 02:48:00 | 01,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/11/15 09:54:18 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/10/19 11:23:33 | 01,036,800 | ---- | C] () -- C:\WINDOWS\System32\libmpeg-1.0.0.dll
[2003/10/19 11:23:33 | 00,987,136 | ---- | C] () -- C:\WINDOWS\System32\liboggvorbis-1.0.0.dll
[2003/10/19 11:23:33 | 00,696,832 | ---- | C] () -- C:\WINDOWS\System32\libmcl-2.8.0.dll
[2003/10/03 10:10:14 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2003/10/03 10:10:14 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2003/10/03 10:10:13 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2003/09/29 15:37:53 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/09/29 15:02:14 | 00,000,092 | ---- | C] () -- C:\WINDOWS\SC_CWADA.INI
[2003/09/26 16:20:04 | 00,000,596 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2003/09/13 20:45:13 | 00,000,000 | ---- | C] () -- C:\Program Files\stats.txt
[2003/09/13 20:45:07 | 00,197,712 | ---- | C] () -- C:\Program Files\Uninst.isu
[2003/09/13 20:44:24 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2003/09/13 18:46:20 | 00,002,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/09/13 07:34:52 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/09/02 14:07:33 | 00,000,045 | ---- | C] () -- C:\WINDOWS\AKCHNIMN.ini
[2003/08/19 20:58:10 | 00,002,728 | ---- | C] () -- C:\WINDOWS\universe_plugin.ini
[2003/08/07 12:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/07/28 13:19:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/07/28 13:19:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/07/14 22:07:24 | 00,000,349 | ---- | C] () -- C:\WINDOWS\NJWIN.INI
[2003/06/22 17:17:44 | 00,000,040 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/05/18 20:05:13 | 00,030,720 | ---- | C] () -- C:\WINDOWS\System32\BnetAuth.dll
[2003/05/16 09:05:01 | 00,000,023 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2003/04/10 04:35:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 04:21:36 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 01:51:07 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 01:51:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/04/10 00:32:34 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/04/10 00:32:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/10 00:06:10 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 00:03:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 00:03:38 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/09 23:57:15 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/09 23:57:04 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/09 23:16:44 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/09 22:44:58 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/09 22:44:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/09 22:44:29 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/09 22:23:21 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/09 22:05:45 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/19 16:50:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/11/27 04:30:32 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/10/15 15:54:04 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/10/06 15:42:58 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/05/24 08:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 08:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/08/14 18:47:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
[2000/10/30 11:04:00 | 00,000,209 | ---- | C] () -- C:\WINDOWS\Ic32.ini
[1999/07/06 17:00:00 | 00,000,006 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D81EDBF9-D167-4011-B77D-211DF920EB80
[1999/01/22 11:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/18 00:00:00 | 01,672,976 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/18 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 00:00:00 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/06/18 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Files - Unicode (All) ==========
[2009/11/28 08:04:04 | 24,717,6841 | ---- | M] ()(C:\Documents and Settings\Serie\Desktop\11eyes-?????????-.rar) -- C:\Documents and Settings\Serie\Desktop\11eyes-罪と罰と贖いの少女-.rar
[2009/11/28 07:57:20 | 24,717,6841 | ---- | C] ()(C:\Documents and Settings\Serie\Desktop\11eyes-?????????-.rar) -- C:\Documents and Settings\Serie\Desktop\11eyes-罪と罰と贖いの少女-.rar
[2009/07/29 20:54:45 | 00,000,683 | ---- | M] ()(C:\Documents and Settings\Serie\My Documents\?????????.csv) -- C:\Documents and Settings\Serie\My Documents\新規チェックリスト.csv
[2009/07/29 20:54:45 | 00,000,683 | ---- | C] ()(C:\Documents and Settings\Serie\My Documents\?????????.csv) -- C:\Documents and Settings\Serie\My Documents\新規チェックリスト.csv
[2008/06/20 17:09:52 | 00,001,631 | ---- | C] ()(C:\Documents and Settings\Serie\Desktop\Ef ????.lnk) -- C:\Documents and Settings\Serie\Desktop\Ef クロック.lnk
[2007/12/14 14:52:04 | 00,001,631 | ---- | M] ()(C:\Documents and Settings\Serie\Desktop\Ef ????.lnk) -- C:\Documents and Settings\Serie\Desktop\Ef クロック.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\halloween trick.PSD:SummaryInformation
@Alternate Data Stream - 287 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6686D8
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48A9EADC
< End of report >

#12 syler

Posted 10 December 2009 - 02:21 PM

No, that isn't normal, although it doesn't look like something ComboFix has done.

You have posted the same OTL log as before; can you post the new log?

Edited by syler, 10 December 2009 - 02:22 PM.



#13 Sei

Posted 10 December 2009 - 02:37 PM

Sorry about that, here's the new one.

OTL logfile created on: 12/10/2009 11:15:27 AM - Run 2
OTL by OldTimer - Version 3.1.12.0 Folder = C:\Documents and Settings\Serie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 63.10% Memory free
2.11 Gb Paging File | 1.70 Gb Available in Paging File | 80.65% Paging File free
Paging file location(s): C:\pagefile.sys 768 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.27 Gb Total Space | 10.00 Gb Free Space | 9.32% Space Free | Partition Type: NTFS
Drive D: | 4.53 Gb Total Space | 0.77 Gb Free Space | 16.95% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IVAN
Current User Name: Serie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/09 12:01:48 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Serie\Desktop\OTL.exe
PRC - [2009/11/26 08:36:10 | 02,029,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/07/31 07:27:57 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/31 07:27:56 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/07/31 07:27:48 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/31 07:27:45 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/07/31 07:27:36 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/01 09:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/05/28 06:32:28 | 00,380,416 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2009/05/28 06:32:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2008/12/31 13:12:40 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
PRC - [2008/08/05 11:19:36 | 00,417,792 | ---- | M] (mental images GmbH) -- C:\spm\spmdib.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 18:07:58 | 01,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/02/28 18:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2007/03/15 17:17:08 | 00,336,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/15 21:23:15 | 01,073,152 | ---- | M] () -- C:\Program Files\WiFiConnector\NintendoWFCReg.exe
PRC - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/04/10 13:24:20 | 00,049,220 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
PRC - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/06/17 13:35:50 | 00,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/06/17 13:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/04/23 14:00:48 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/09/07 12:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2003/02/21 04:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2003/02/21 03:50:10 | 00,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2003/02/11 19:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2002/04/17 17:49:16 | 00,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 17:42:56 | 00,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [1998/05/07 16:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/09 12:01:48 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Serie\Desktop\OTL.exe
MOD - [2005/11/28 12:57:10 | 00,512,090 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll
MOD - [2004/09/18 14:37:00 | 00,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/31 07:27:48 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/07/31 07:27:36 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/28 06:32:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/03/16 17:39:00 | 02,800,669 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/12/31 13:12:44 | 00,910,600 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine)
SRV - [2008/12/31 13:12:40 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent)
SRV - [2008/11/11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/08/05 11:19:36 | 00,417,792 | ---- | M] (mental images GmbH) -- C:\spm\spmdib.exe -- (spmd)
SRV - [2008/02/28 18:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/03/21 11:57:56 | 00,516,096 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2007/03/11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/05 09:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/25 10:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/25 14:55:58 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/12/14 01:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/17 13:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2005/05/07 14:34:39 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2003/02/21 04:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)


========== Driver Services (SafeList) ==========

DRV - [2009/07/31 07:27:56 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/07/31 07:27:56 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/28 06:32:24 | 00,108,032 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/04/30 07:09:05 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/04/30 07:09:01 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/03/19 12:48:18 | 00,136,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/03/19 12:48:12 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/02/09 06:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 06:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 06:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 06:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/02/01 16:10:02 | 00,094,208 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2009/02/01 16:09:40 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/08/28 13:16:40 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\system32\drivers\DefragFS.sys -- (DefragFS)
DRV - [2008/08/26 09:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 12:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008/04/13 11:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/02/20 12:47:34 | 00,027,936 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/07 07:18:54 | 00,007,936 | R--- | M] (Initio Corporation) -- C:\WINDOWS\system32\drivers\inidvd.sys -- (INIDVD)
DRV - [2007/04/23 04:03:04 | 00,082,200 | ---- | M] (Locktime Software) -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2007/03/07 21:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/03/07 21:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/03/07 21:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (Cptiquisaic)
DRV - [2007/03/07 21:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/27 11:39:26 | 00,032,256 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/01/25 10:31:34 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/10/22 11:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/10/10 12:53:48 | 00,005,632 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/04/09 22:02:18 | 00,162,816 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt25usbap.sys -- (RT25USBAP)
DRV - [2006/02/16 16:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/05/03 08:34:02 | 00,027,392 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/04/21 04:40:36 | 00,010,624 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2004/10/07 18:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 09:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/22 15:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 15:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/08/03 22:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:51 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/03/14 01:14:28 | 00,112,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/03/14 01:14:16 | 00,078,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/03/14 01:13:04 | 00,090,395 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2003/03/07 22:13:22 | 00,624,369 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/26 19:19:50 | 00,260,736 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/02/22 19:55:26 | 00,141,824 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2002/12/27 11:41:00 | 00,026,880 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/24 22:09:48 | 00,030,848 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/21 10:21:00 | 00,082,784 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\System32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2002/10/01 08:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/06 18:24:00 | 00,013,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/08/29 12:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/06/04 13:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/04/09 13:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/04/09 16:52:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/28 16:24:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/28 16:24:27 | 00,000,000 | ---D | M]

[2008/06/20 17:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Extensions
[2009/11/27 21:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions
[2009/06/20 08:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2009/09/05 18:32:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/15 01:17:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2008/06/20 17:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}
[2009/11/21 08:25:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/06/20 17:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\extensions\videodowloader@videodownloader.net
[2009/11/27 21:04:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 21:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - Reg Error: Value error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Serie\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Serie\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Serie\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1180790481218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8464.9536689815 (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/02 19:41:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/02 19:33:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{68185e30-b5e1-11dc-9993-000c6e914d85}\Shell - "" = AutoRun
O33 - MountPoints2\{68185e30-b5e1-11dc-9993-000c6e914d85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{68185e30-b5e1-11dc-9993-000c6e914d85}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55454019270737920)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/09 12:09:54 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Serie\Desktop\OTL.exe
[2009/11/28 20:53:00 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/11/28 16:28:11 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Serie\Recent
[2009/11/27 07:36:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Serie\Desktop\Bleach_383[SleepyFans]
[2009/11/19 20:58:09 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/11/19 20:58:08 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/11/19 20:58:08 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/11/19 20:58:01 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/11/15 15:09:32 | 00,000,000 | ---D | C] -- C:\Program Files\WiFiConnector
[2009/11/13 07:02:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Serie\Desktop\Bleach_382_[SS]
[2009/02/01 16:10:02 | 00,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\Serie\Application Data\ezplay.sys
[2009/02/01 16:09:40 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Serie\Application Data\pcouffin.sys
[2006/12/24 01:28:04 | 01,706,800 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
[2006/12/24 01:28:04 | 00,239,224 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
[2005/07/03 20:04:33 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2005/07/03 20:04:33 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/10 11:12:28 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/10 11:12:26 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/12/10 11:11:10 | 00,000,336 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2009/12/10 11:11:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/10 11:11:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/10 11:11:01 | 16,100,10624 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/10 10:54:39 | 15,204,352 | ---- | M] () -- C:\Documents and Settings\Serie\NTUSER.DAT
[2009/12/10 10:50:33 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/10 10:48:34 | 00,000,026 | ---- | M] () -- C:\Documents and Settings\Serie\defogger_reenable
[2009/12/10 10:43:02 | 00,050,621 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Defogger.exe
[2009/12/10 09:06:33 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/10 08:39:20 | 03,847,760 | R--- | M] () -- C:\Documents and Settings\Serie\Desktop\Syler.exe
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/09 17:08:22 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\ud9x185h.exe
[2009/12/09 12:01:48 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Serie\Desktop\OTL.exe
[2009/11/28 17:03:57 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\qtkkq83s.exe
[2009/11/28 17:00:50 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 16:24:31 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/28 15:56:11 | 00,019,508 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Miki Fujimoto - Zoomin & Mezamado 20091127.avi.torrent
[2009/11/28 15:50:53 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/28 08:33:22 | 45,855,703 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/28 07:22:28 | 00,015,511 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Sayumi Michishige -Mecha Mecha Iketeru 20091128.avi.torrent
[2009/11/28 00:26:56 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/27 16:32:30 | 00,105,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/26 19:36:25 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/26 19:36:25 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/19 20:04:23 | 07,428,398 | -H-- | M] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\IconCache.db
[2009/11/18 16:29:04 | 13,271,714 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Big_Bang_-_Haru_Haru__ENGLISH_SUBBED_.flv
[2009/11/18 07:10:10 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Dream notes.doc
[2009/11/17 22:58:34 | 04,243,389 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\Fireflies (Lady GayGay Remix).m4a
[2009/11/15 15:09:41 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
[2009/11/13 18:13:40 | 09,544,474 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\CHEAT.db
[2009/11/12 20:30:37 | 01,752,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 23:59:32 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\You.doc
[2009/11/11 19:21:11 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2009/11/11 18:45:27 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Serie\Desktop\MLSCI 230 Case Study Logbook.doc
[2009/11/10 23:31:12 | 00,000,280 | ---- | M] () -- C:\WINDOWS\System32\PDBootState
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/10 10:48:28 | 00,000,026 | ---- | C] () -- C:\Documents and Settings\Serie\defogger_reenable
[2009/12/10 10:48:02 | 00,050,621 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\Defogger.exe
[2009/12/10 08:51:01 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/10 08:50:03 | 03,847,760 | R--- | C] () -- C:\Documents and Settings\Serie\Desktop\Syler.exe
[2009/12/09 17:13:55 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\ud9x185h.exe
[2009/11/28 17:03:50 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\qtkkq83s.exe
[2009/11/28 16:53:44 | 16,100,10624 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/28 15:56:10 | 00,019,508 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\Miki Fujimoto - Zoomin & Mezamado 20091127.avi.torrent
[2009/11/28 07:22:27 | 00,015,511 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\Sayumi Michishige -Mecha Mecha Iketeru 20091128.avi.torrent
[2009/11/26 19:36:25 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/26 19:36:25 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/19 20:58:10 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/19 20:58:09 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/11/19 20:58:07 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/19 20:58:06 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/19 20:58:03 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/19 20:58:03 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/11/18 16:25:04 | 13,271,714 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\Big_Bang_-_Haru_Haru__ENGLISH_SUBBED_.flv
[2009/11/17 22:58:33 | 04,243,389 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\Fireflies (Lady GayGay Remix).m4a
[2009/11/15 15:09:41 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
[2009/11/13 18:13:39 | 09,544,474 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\CHEAT.db
[2009/11/11 23:35:09 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\You.doc
[2009/11/11 19:21:11 | 00,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2009/11/11 17:50:57 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Serie\Desktop\MLSCI 230 Case Study Logbook.doc
[2009/06/27 23:19:54 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/06/02 21:47:53 | 00,002,580 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/02/24 22:56:33 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2009/02/08 00:36:43 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/01 16:10:18 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\ezplay.log
[2009/02/01 16:10:02 | 00,007,861 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\ezplay.cat
[2009/02/01 16:10:02 | 00,001,103 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\ezplay.inf
[2009/02/01 16:10:02 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\ezplay.ini
[2009/02/01 16:10:00 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\pcouffin.log
[2009/02/01 16:09:40 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\pcouffin.cat
[2009/02/01 16:09:40 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\pcouffin.inf
[2009/01/21 17:34:04 | 00,000,136 | -H-- | C] () -- C:\Documents and Settings\Serie\Application Data\lakerda1967.sys
[2009/01/21 17:33:56 | 00,010,584 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\docXConverter (3).ini
[2008/12/12 19:23:36 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/13 23:42:00 | 00,000,123 | ---- | C] () -- C:\WINDOWS\imdw.ini
[2008/09/29 05:32:52 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\winscp.rnd
[2008/09/28 15:21:46 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\PUTTY.RND
[2008/08/01 21:06:52 | 00,001,341 | ---- | C] () -- C:\WINDOWS\ccatalog.INI
[2008/06/20 17:50:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2008/06/20 17:22:53 | 00,042,496 | ---- | C] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/20 17:22:53 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Serie\Local Settings\Application Data\fusioncache.dat
[2008/06/20 17:03:40 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\PFP100JPR.{PB
[2008/06/20 17:03:40 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Serie\Application Data\PFP100JCM.{PB
[2008/05/10 08:36:10 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/02/20 12:59:06 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2007/10/02 15:09:16 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/07/21 17:45:12 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/05/11 20:04:58 | 00,004,788 | ---- | C] () -- C:\Program Files\serie.php
[2007/04/10 07:48:13 | 00,001,579 | ---- | C] () -- C:\Program Files\index.php
[2007/01/25 10:31:36 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/12/24 01:28:04 | 00,009,660 | ---- | C] () -- C:\Program Files\help.htm
[2006/11/04 17:28:16 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/22 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 11:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/11 19:59:39 | 00,000,072 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006/08/02 20:46:03 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2006/08/02 20:46:02 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/08/02 20:46:02 | 00,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/01/06 09:06:43 | 00,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2006/01/06 01:05:12 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/12/21 03:42:08 | 02,637,824 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/12/21 03:42:08 | 00,428,032 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/12/21 03:42:08 | 00,399,872 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2005/12/21 03:42:08 | 00,353,280 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2005/12/21 03:42:08 | 00,228,352 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2005/12/21 03:42:08 | 00,205,312 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/12/21 03:42:08 | 00,171,008 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2005/12/21 03:42:08 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2005/12/21 03:42:08 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2005/12/21 03:42:08 | 00,124,928 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/12/21 03:42:08 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2005/12/21 03:42:08 | 00,113,664 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2005/12/21 03:42:08 | 00,103,424 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2005/12/21 03:42:08 | 00,092,672 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2005/12/21 03:42:08 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2005/12/21 03:42:08 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2005/04/23 17:18:36 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/23 17:09:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PCCBrows.INI
[2005/02/23 20:39:42 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005/02/08 16:25:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/22 16:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/04/29 17:00:00 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/03/28 23:07:23 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2004/03/28 23:04:13 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2004/03/01 17:40:40 | 00,006,936 | ---- | C] () -- C:\WINDOWS\Go Screensaver.ini
[2004/01/05 16:56:11 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2004/01/02 17:22:08 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/01/01 16:38:07 | 00,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2003/12/26 01:45:02 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003/12/17 03:08:28 | 00,000,666 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/11/16 02:48:02 | 00,909,312 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/11/16 02:48:00 | 01,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/11/15 09:54:18 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/10/19 11:23:33 | 01,036,800 | ---- | C] () -- C:\WINDOWS\System32\libmpeg-1.0.0.dll
[2003/10/19 11:23:33 | 00,987,136 | ---- | C] () -- C:\WINDOWS\System32\liboggvorbis-1.0.0.dll
[2003/10/19 11:23:33 | 00,696,832 | ---- | C] () -- C:\WINDOWS\System32\libmcl-2.8.0.dll
[2003/10/03 10:10:14 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2003/10/03 10:10:14 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2003/10/03 10:10:13 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2003/09/29 15:37:53 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/09/29 15:02:14 | 00,000,092 | ---- | C] () -- C:\WINDOWS\SC_CWADA.INI
[2003/09/26 16:20:04 | 00,000,596 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2003/09/13 20:45:13 | 00,000,000 | ---- | C] () -- C:\Program Files\stats.txt
[2003/09/13 20:45:07 | 00,197,712 | ---- | C] () -- C:\Program Files\Uninst.isu
[2003/09/13 20:44:24 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2003/09/13 18:46:20 | 00,002,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/09/13 07:34:52 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/09/02 14:07:33 | 00,000,045 | ---- | C] () -- C:\WINDOWS\AKCHNIMN.ini
[2003/08/19 20:58:10 | 00,002,728 | ---- | C] () -- C:\WINDOWS\universe_plugin.ini
[2003/08/07 12:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/07/28 13:19:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/07/28 13:19:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/07/14 22:07:24 | 00,000,349 | ---- | C] () -- C:\WINDOWS\NJWIN.INI
[2003/06/22 17:17:44 | 00,000,040 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/05/18 20:05:13 | 00,030,720 | ---- | C] () -- C:\WINDOWS\System32\BnetAuth.dll
[2003/05/16 09:05:01 | 00,000,023 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2003/04/10 04:35:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 04:21:36 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 01:51:07 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 01:51:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/04/10 00:32:34 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/04/10 00:32:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/10 00:06:10 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 00:03:38 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 00:03:38 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/09 23:57:15 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/09 23:57:04 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/09 23:16:44 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/09 22:44:58 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/09 22:44:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/09 22:44:29 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/09 22:23:21 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/09 22:05:45 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/19 16:50:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/11/27 04:30:32 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/10/15 15:54:04 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/10/06 15:42:58 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/05/24 08:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 08:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/08/14 18:47:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
[2000/10/30 11:04:00 | 00,000,209 | ---- | C] () -- C:\WINDOWS\Ic32.ini
[1999/07/06 17:00:00 | 00,000,006 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D81EDBF9-D167-4011-B77D-211DF920EB80
[1999/01/22 11:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/18 00:00:00 | 01,672,976 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/18 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 00:00:00 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/06/18 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 05:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: LOGEVENT.DLL >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\logevent.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

========== Files - Unicode (All) ==========
[2009/11/28 08:04:04 | 24,717,6841 | ---- | M] ()(C:\Documents and Settings\Serie\Desktop\11eyes-?????????-.rar) -- C:\Documents and Settings\Serie\Desktop\11eyes-罪と罰と贖いの少女-.rar
[2009/11/28 07:57:20 | 24,717,6841 | ---- | C] ()(C:\Documents and Settings\Serie\Desktop\11eyes-?????????-.rar) -- C:\Documents and Settings\Serie\Desktop\11eyes-罪と罰と贖いの少女-.rar
[2009/07/29 20:54:45 | 00,000,683 | ---- | M] ()(C:\Documents and Settings\Serie\My Documents\?????????.csv) -- C:\Documents and Settings\Serie\My Documents\新規チェックリスト.csv
[2009/07/29 20:54:45 | 00,000,683 | ---- | C] ()(C:\Documents and Settings\Serie\My Documents\?????????.csv) -- C:\Documents and Settings\Serie\My Documents\新規チェックリスト.csv
[2008/06/20 17:09:52 | 00,001,631 | ---- | C] ()(C:\Documents and Settings\Serie\Desktop\Ef ????.lnk) -- C:\Documents and Settings\Serie\Desktop\Ef クロック.lnk
[2007/12/14 14:52:04 | 00,001,631 | ---- | M] ()(C:\Documents and Settings\Serie\Desktop\Ef ????.lnk) -- C:\Documents and Settings\Serie\Desktop\Ef クロック.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\halloween trick.PSD:SummaryInformation
@Alternate Data Stream - 287 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6686D8
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48A9EADC
< End of report >

#14 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 December 2009 - 03:05 PM

No worries.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FileLook::
C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
C:\WINDOWS\ERDNT\cache\atapi.sys
C:\WINDOWS\ServicePackFiles\i386\atapi.sys
C:\WINDOWS\system32\dllcache\atapi.sys
C:\WINDOWS\system32\drivers\atapi.sys
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click Posted Image on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Posted Image
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.



#15 Sei

  • Topic Starter

  • Members
  • 114 posts

Posted 10 December 2009 - 04:23 PM

I attempted to run RootRepeal, but it would only open up to the "Initializing. Please wait..." grey box and then would not proceed. After a few minutes, a message would pop up saying Windows is low on virtual memory and everything. After waiting for half an hour with no results, I ended up just shutting it down.

That aside, here's the ComboFix log:

ComboFix 09-12-09.04 - Serie 12/10/2009 13:39:13.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1535.983 [GMT -7:00]
Running from: c:\documents and settings\Serie\Desktop\Syler.exe
Command switches used :: c:\documents and settings\Serie\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: F-Secure Client Security 7.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))
.

2009-11-29 03:53 . 2009-11-29 03:53 -------- d-----w- c:\program files\Cobian Backup 9
2009-11-20 03:58 . 2004-01-25 16:18 217088 ------w- c:\windows\system32\yv12vfw.dll
2009-11-20 03:58 . 2009-05-29 21:31 881664 ------w- c:\windows\system32\xvidcore.dll
2009-11-20 03:58 . 2009-05-29 21:37 205824 ------w- c:\windows\system32\xvidvfw.dll
2009-11-20 03:58 . 2009-11-09 18:00 85504 ------w- c:\windows\system32\ff_vfw.dll
2009-11-20 03:58 . 2009-11-20 03:58 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-15 22:09 . 2009-11-15 22:09 -------- d-----w- c:\program files\WiFiConnector

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 20:32 . 2006-01-06 16:06 336 ----a-w- c:\windows\system32\tablet.dat
2009-11-29 00:00 . 2009-09-25 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-28 23:25 . 2008-06-20 23:53 -------- d-----w- c:\documents and settings\Serie\Application Data\Azureus
2009-11-28 23:25 . 2003-12-07 14:10 -------- d-----w- c:\program files\mIRC
2009-11-28 03:02 . 2008-04-17 16:23 -------- d-----w- c:\program files\Rappelz
2009-11-26 06:49 . 2009-04-13 06:39 -------- d-----w- c:\documents and settings\Serie\Application Data\FileZilla
2009-11-24 06:13 . 2009-08-09 03:13 -------- d-----w- c:\program files\FlashGet
2009-11-24 05:08 . 2008-06-24 00:36 -------- d-----w- c:\documents and settings\Serie\Application Data\Mumble
2009-11-15 21:50 . 2007-01-17 06:16 -------- d-----w- c:\program files\Trickster Online
2009-11-12 02:20 . 2008-06-24 00:35 -------- d-----w- c:\program files\Mumble
2009-11-12 02:18 . 2009-01-10 01:25 -------- d-----w- c:\documents and settings\Serie\Application Data\skypePM
2009-11-12 02:18 . 2008-06-21 00:04 -------- d-----w- c:\documents and settings\Serie\Application Data\Skype
2009-11-07 06:48 . 2008-06-21 00:22 82216 ------w- c:\documents and settings\Serie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-07 06:39 . 2008-07-07 10:33 71176 ---h--w- c:\windows\system32\mlfcache.dat
2009-11-06 23:21 . 2009-11-06 03:33 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-06 03:56 . 2006-07-05 06:33 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-06 03:30 . 2009-11-06 03:30 -------- d-----w- c:\program files\Microsoft
2009-11-06 03:30 . 2009-11-06 03:30 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-06 03:29 . 2007-09-17 01:17 -------- d-----w- c:\program files\Windows Live
2009-11-06 03:26 . 2009-11-06 03:26 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-28 22:42 . 2008-06-21 00:03 -------- d-----w- c:\documents and settings\Serie\Application Data\U3
2009-10-22 00:46 . 2009-10-22 00:46 -------- d-----w- c:\program files\Windows Media Components
2009-10-12 23:26 . 2009-10-12 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-10-12 23:22 . 2009-10-12 23:21 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-10-12 23:21 . 2009-10-12 23:21 -------- d-----w- c:\documents and settings\Serie\Application Data\Uniblue
2007-05-12 03:17 . 2007-05-12 03:04 4788 ------w- c:\program files\serie.php
2007-04-10 14:48 . 2007-04-10 14:48 1579 ------w- c:\program files\index.php
2003-09-14 03:46 . 2003-09-14 03:45 197712 -c----w- c:\program files\Uninst.isu
2002-09-20 03:28 . 2006-12-24 08:28 9660 -c----w- c:\program files\help.htm
2002-07-31 16:28 . 2006-12-24 08:28 239224 -c----w- c:\program files\unicows.dll
2001-08-23 23:25 . 2006-12-24 08:28 1706800 -c----w- c:\program files\gdiplus.dll
1998-06-11 22:13 . 2003-09-14 03:45 0 -c----w- c:\program files\stats.txt
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@@desktop.dat
2006-10-02 03:21 . 2006-10-02 03:21 0 -csh--w- c:\windows\SMINST\HPCD.sys
2006-05-03 09:06 . 2009-06-28 06:19 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-06-28 06:19 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-06-28 06:19 216064 --sh--r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\$NtServicePackUninstall$\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: atapi.sys
File size: 95360
Created time: 2008-05-13 03:35
Modified time: 2004-08-04 05:59
MD5: CDFE4411A69C224BD1D11B2DA92DAC51
SHA1: A42FBFEB5A4D94118B483D7F18113AA8C329A052


--- c:\windows\$NtUninstallQ331958$\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.1106 (xpsp1.020828-1920)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: atapi.sys
File size: 86912
Created time: 2003-09-13 14:34
Modified time: 2002-08-29 12:00
MD5: 95B858761A00E1D4F81F79A0DA019ACA
SHA1: 008BBADC55FB145C32B240644083059677681025


--- c:\windows\ERDNT\cache\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.5512 (xpsp.080413-2108)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: atapi.sys
File size: 96512
Created time: 2009-12-10 16:07
Modified time: 2008-04-13 18:40
MD5: 9F3A2F5AA6875C72BF062C712CFA2674
SHA1: A719156E8AD67456556A02C34E762944234E7A44


--- c:\windows\ServicePackFiles\i386\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.5512 (xpsp.080413-2108)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: atapi.sys
File size: 96512
Created time: 2004-08-04 05:59
Modified time: 2008-04-13 18:40
MD5: 9F3A2F5AA6875C72BF062C712CFA2674
SHA1: A719156E8AD67456556A02C34E762944234E7A44


--- c:\windows\system32\dllcache\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.5512 (xpsp.080413-2108)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: atapi.sys
File size: 96512
Created time: 2003-06-05 00:40
Modified time: 2008-04-13 18:40
MD5: 9F3A2F5AA6875C72BF062C712CFA2674
SHA1: A719156E8AD67456556A02C34E762944234E7A44


--- c:\windows\system32\drivers\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.5512 (xpsp.080413-2108)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: atapi.sys
File size: 96512
Created time: 2003-06-05 00:40
Modified time: 2008-04-13 18:40
MD5: 9F3A2F5AA6875C72BF062C712CFA2674
SHA1: A719156E8AD67456556A02C34E762944234E7A44


((((((((((((((((((((((((((((( SnapShot_2009-12-10_16.06.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-10 20:32 . 2009-12-10 20:32 16384 c:\windows\temp\Perflib_Perfdata_648.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [X]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-11-07 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe -osboot" [X]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe -atboottime" [X]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-18 69632]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-12 114688]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 44032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Serie\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-20 113664]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
PowerReg Scheduler.exe [2003-9-30 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-20 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-20 113664]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-7-7 49220]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2009-11-15 1073152]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-1-6 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 19:41 294912 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 14:27 11952 ------w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ------w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-07 03:16 176128 ------w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.IVAN^Start Menu^Programs^Startup^ef ????.lnk]
path=c:\documents and settings\Owner.IVAN\Start Menu\Programs\Startup\ef ????.lnk
backup=c:\windows\pss\ef ????.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Serie^Start Menu^Programs^Startup^spamsubtract.lnk]
backup=c:\windows\pss\spamsubtract.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Serie^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
2002-10-07 06:23 90112 ------w- c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 04:34 49152 ------w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-04-29 00:14 570664 ------w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2009-02-26 23:04 2376992 ------w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 19:20 25604904 ------r- c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\OroBaduk\\OrO20.exe"=
"c:\\sysreset\\mirc.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Share\\Share.exe"=
"c:\\Program Files\\Trickster Online\\Splash.exe"=
"c:\\Starcraft\\SCXE Start.exe"=
"c:\\SoftImage\\XSI_7.0\\Application\\bin\\XSI.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Persona\\Persona.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Acoustica Mixcraft\\Mixcraft4.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7/9/2008 4:23 PM 12552]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7/3/2005 8:04 PM 155136]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/9/2008 4:23 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/9/2008 4:23 PM 108552]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [4/23/2007 4:03 AM 82200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 12:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 11:39 AM 32256]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/7/2009 2:14 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/7/2009 2:14 PM 297752]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [12/31/2008 1:12 PM 693512]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/27/2008 7:26 PM 24652]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [5/28/2009 6:32 AM 108032]
S0 aoksy;aoksy;c:\windows\system32\drivers\icvtdxwx.sys --> c:\windows\system32\drivers\icvtdxwx.sys [?]
S0 behqftnx;behqftnx;c:\windows\system32\drivers\tawljuuz.sys --> c:\windows\system32\drivers\tawljuuz.sys [?]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\n:\documents\hw32_320\HWiNFO32.SYS --> n:\documents\hw32_320\HWiNFO32.SYS [?]
S2 mrtRate;mrtRate; [x]
S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2/7/2009 1:26 PM 7936]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [6/28/2009 10:00 AM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [6/28/2009 10:00 AM 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 10:31 AM 42000]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [12/31/2008 1:12 PM 910600]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
S4 Cptiquisaic;Cptiquisaic;c:\windows\system32\drivers\HPZipr12.sys [9/13/2003 6:53 PM 16496]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [7/3/2005 8:04 PM 5248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 21:04 8192 ------w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
LSP: SpSubLSP.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-?????-LilianFourhand- - y:\games\French Bread\Lilian Fourhand\?????-LilianFourhand-\UnInst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 13:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A060780]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7588cb8
\Driver\atapi -> 0x8a060780
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3874153118-2467180674-3659626198-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\’t*’0 ’ ’X*’p*’ ]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\wininet.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Softex\OmniPass\opxpgina.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\SpSubLSP.dll

- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\tray.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-10 14:00:17
ComboFix-quarantined-files.txt 2009-12-10 21:00
ComboFix2.txt 2009-09-25 00:35

Pre-Run: 10,669,510,656 bytes free
Post-Run: 10,644,828,160 bytes free

- - End Of File - - 033DB0D6634579010B009785A18E84FD



