
can't update my programs?


  • This topic is locked
9 replies to this topic

#1 ainoskedu


Posted 09 January 2010 - 04:50 PM

Well, my programs are unable to connect with their update server, which is beginning to bother me because I need to update my antivirus and other programs and games. I just previously dealt with malware problems that corrupted some programs that I removed. Had to re-download it and repair and replace some DLLs. That's all I basically did besides doing virus scans and spyware/malware scans in normal boot and safe mode. I don't know what to do to repair this problem. Any help will be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:16 AM, on 1/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iHome\Keyboard Driver\StartAutorun.exe
C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe
C:\Users\Seanna and Jason\Desktop\programs\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iHome\Keyboard Driver\KMConfig.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Seanna and Jason\Desktop\programs\Daemon tools\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iHome\Keyboard Driver\KMProcess.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.as...=0409&m=et1300
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=0&l=dir
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.as...=0409&m=et1300
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.as...=0409&m=et1300
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - (no file)
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\iHome\Keyboard Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Users\Seanna and Jason\Desktop\programs\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Users\Seanna and Jason\Desktop\programs\Daemon tools\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\iHome\Keyboard Driver\KMWDSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7926 bytes



#2 myrti

  • Malware Study Hall Admin

Posted 15 January 2010 - 05:42 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 ainoskedu


Posted 20 January 2010 - 08:14 AM

Ok imma do what you just told me ...thanks

#4 ainoskedu


Posted 20 January 2010 - 05:04 PM

Well, actually, um, it first happened when my computer had trouble booting up normally. My computer used to start up with the icons not displaying properly. I fixed it by replacing the corrupted DLLs. By the way, I ran AVG, Spybot, Windows Defender and Malwarebytes to find the problem. Um, Malwarebytes and Spybot caught some Trojans that I deleted. But after all that, some of my programs and games cannot update at all. This includes my avast antivirus (I deleted AVG), Windows Defender, ccleanup, defraggler, trickster, maple story, and other programs.

PS: I remember having a hard time replacing the Java Runtime Environment because it was corrupted. I did repair it though, because a virus corrupted that.

Sorry, this is the clearest I can make myself, as I'm not really too good with English.


Thanks, Ain



OTL logfile created on: 1/20/2010 10:49:50 AM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Seanna and Jason\Important system programs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.05 Gb Total Space | 54.25 Gb Free Space | 39.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DACOMPUTER
Current User Name: Seanna and Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/17 10:58:26 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/16 06:02:30 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Seanna and Jason\Important system programs\OTL.exe
PRC - [2009/12/16 06:34:56 | 00,503,808 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2009/12/02 07:37:38 | 00,693,560 | ---- | M] (Piriform Ltd) -- C:\Users\Seanna and Jason\Desktop\programs\Defraggler\df.exe
PRC - [2009/11/24 13:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 13:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 13:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 13:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 13:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/14 13:29:06 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Users\Seanna and Jason\Desktop\programs\iTunesHelper.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/23 06:29:18 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/23 03:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Users\Seanna and Jason\Desktop\programs\Daemon tools\DAEMON Tools Lite\daemon.exe
PRC - [2009/04/10 20:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/08 02:47:20 | 00,073,728 | ---- | M] (r2 studios) -- C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/20 09:20:52 | 06,711,840 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/22 16:14:28 | 00,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/07/06 17:31:02 | 00,331,776 | ---- | M] (UASSOFT.COM) -- C:\Program Files\iHome\Keyboard Driver\KMProcess.exe
PRC - [2008/06/23 21:28:08 | 00,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\iHome\Keyboard Driver\KMWDSrv.exe
PRC - [2008/06/14 01:02:04 | 00,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\iHome\Keyboard Driver\KMCONFIG.exe
PRC - [2008/06/11 08:18:30 | 00,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2008/05/30 01:22:36 | 00,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\iHome\Keyboard Driver\StartAutorun.exe
PRC - [2008/01/20 16:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 16:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/20 16:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/20 16:23:32 | 00,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007/09/13 15:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/16 06:02:30 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Seanna and Jason\Important system programs\OTL.exe
MOD - [2009/04/10 20:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 13:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 13:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 13:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 13:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/24 15:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 13:29:06 | 00,215,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/22 16:14:28 | 00,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/23 21:28:08 | 00,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\iHome\Keyboard Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2008/06/11 08:18:30 | 00,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/01/20 16:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 02:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 13:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 13:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 13:49:48 | 00,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 13:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 13:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/10/04 11:33:14 | 00,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/10/01 19:51:14 | 00,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/13 15:07:12 | 01,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 08:54:00 | 09,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/01/19 20:10:52 | 02,317,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/09/23 23:00:02 | 00,023,712 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/01 19:51:14 | 01,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/11 08:13:24 | 00,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/01/20 16:23:49 | 00,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/20 16:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 16:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 16:23:27 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 16:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 16:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 16:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 16:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 16:23:25 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 16:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 16:23:24 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 16:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 16:23:23 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 16:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 16:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 16:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 16:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 16:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 16:23:22 | 00,521,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2008/01/20 16:23:22 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 16:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 16:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 16:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 16:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 16:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 16:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 16:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/08/09 18:12:30 | 00,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/01 23:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/01 23:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/01 23:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/01 23:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/01 23:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/01 23:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/01 23:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/01 23:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/01 23:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/01 23:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/01 23:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/01 22:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/01 22:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/01 22:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/01 22:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/01 22:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/01 22:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 21:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 20:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/09/24 03:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 09:33:26 | 00,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...09&m=et1300
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...09&m=et1300


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...09&m=et1300
IE - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=0&l=dir
IE - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\..\URLSearchHook: {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\S-1-5-21-1596932882-2439384091-2050370260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\S-1-5-21-1596932882-2439384091-2050370260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\S-1-5-21-1596932882-2439384091-2050370260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Isohunt-vuze Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2014090&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {6c3a1de1-94ca-4ad6-acdf-c1324adc487b}:2.4.0.4
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.6.0.0
FF - prefs.js..extensions.enabledItems: {5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}:1.0.0.14
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.0
FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.0.7
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2014090&SearchSource=2&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/17 10:58:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/17 10:58:36 | 00,000,000 | ---D | M]

[2009/07/08 20:38:24 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Extensions
[2009/07/08 20:38:24 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/20 10:29:07 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions
[2009/12/14 14:56:04 | 00,000,000 | ---D | M] (NeffyPlugin Launcher) -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}
[2009/12/10 17:20:48 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/10 17:20:40 | 00,000,000 | ---D | M] (Isohunt-vuze Toolbar) -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}
[2009/10/27 19:58:58 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/10/11 08:48:13 | 00,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/07/08 20:02:16 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\djziggy@gmail.com
[2009/11/26 09:32:45 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\keyscrambler@qfx.software.corporation
[2009/07/08 20:02:17 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\djziggy@gmail.com\chrome\global\extensions
[2009/07/08 20:02:18 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\djziggy@gmail.com\chrome\global\extensions\chatzilla
[2009/07/08 20:02:17 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\djziggy@gmail.com\chrome\global\extensions\Console2
[2009/07/08 20:02:17 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\djziggy@gmail.com\chrome\global\extensions\downthemall
[2009/07/08 20:02:17 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\djziggy@gmail.com\chrome\global\extensions\emusic
[2009/07/08 20:02:17 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\djziggy@gmail.com\chrome\global\extensions\fullerscreen
[2009/07/08 20:02:18 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\djziggy@gmail.com\chrome\global\extensions\sage
[2009/07/08 20:02:18 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\djziggy@gmail.com\chrome\global\extensions\toolkit
[2009/07/08 20:02:17 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\djziggy@gmail.com\chrome\global\extensions\webdeveloper
[2009/07/08 20:02:18 | 00,000,000 | ---D | M] -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\extensions\djziggy@gmail.com\chrome\mozapps\extensions
[2009/09/22 14:41:31 | 00,000,886 | ---- | M] () -- C:\Users\Seanna and Jason\AppData\Roaming\Mozilla\Firefox\Profiles\j0l3v3nw.default\searchplugins\conduit.xml
[2009/12/16 22:54:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/12/31 00:40:11 | 00,370,684 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 12779 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] C:\Users\Seanna and Jason\Desktop\programs\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\iHome\Keyboard Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe (r2 studios)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000..\Run: [DAEMON Tools Lite] C:\Users\Seanna and Jason\Desktop\programs\Daemon tools\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Seanna and Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O7 - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1596932882-2439384091-2050370260-1000\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 24.25.227.55 209.18.47.61 24.25.227.53 192.168.1.1 208.67.222.222 208.67.220.220 208.67.222.222 208.67.220.220 24.25.227.55 209.18.47.61 24.25.227.53
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Seanna and Jason\Downloads\PREEEES..jpg
O24 - Desktop BackupWallPaper: C:\Users\Seanna and Jason\Downloads\PREEEES..jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cae0a095-af17-11de-b775-0025110eb9a3}\Shell - "" = AutoRun
O33 - MountPoints2\{cae0a095-af17-11de-b775-0025110eb9a3}\Shell\AutoRun\command - "" = J:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/12 16:17:56 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/12 16:17:56 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/09 03:13:01 | 00,000,000 | --SD | C] -- C:\Users\Seanna and Jason\Documents\Mabinogi
[2010/01/09 03:10:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/09 03:06:08 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/07 15:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Drum Machine
[2009/12/24 22:17:18 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/12/24 22:17:18 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/12/24 22:17:15 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/12/24 22:17:14 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/12/24 22:17:14 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/12/24 22:17:00 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/12/24 22:17:00 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/12/24 22:16:58 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/24 14:58:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/12/24 14:58:06 | 00,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2009/12/24 14:34:26 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/20 10:47:47 | 05,242,880 | -HS- | M] () -- C:\Users\Seanna and Jason\ntuser.dat
[2010/01/20 10:14:33 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/20 10:14:33 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/20 10:14:33 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/20 10:13:49 | 00,281,302 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/01/20 10:13:48 | 00,281,302 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/20 10:11:00 | 00,000,364 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2010/01/20 10:09:48 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/01/20 10:09:37 | 00,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/20 10:09:37 | 00,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/20 10:09:37 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/20 10:09:29 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/17 23:39:52 | 00,524,288 | -HS- | M] () -- C:\Users\Seanna and Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/17 23:39:52 | 00,065,536 | -HS- | M] () -- C:\Users\Seanna and Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/17 21:19:54 | 02,901,996 | -H-- | M] () -- C:\Users\Seanna and Jason\AppData\Local\IconCache.db
[2010/01/17 21:02:00 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/01/17 20:10:08 | 00,021,187 | ---- | M] () -- C:\Users\Seanna and Jason\Documents\Health Essay.odt
[2010/01/16 15:41:14 | 00,121,690 | ---- | M] () -- C:\Users\Seanna and Jason\Documents\39402.pdf
[2010/01/16 15:02:00 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010/01/14 15:02:00 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/10 03:02:00 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010/01/09 13:11:06 | 00,001,356 | ---- | M] () -- C:\Users\Seanna and Jason\AppData\Local\d3d9caps.dat
[2010/01/09 11:31:58 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010/01/09 03:16:16 | 00,000,698 | ---- | M] () -- C:\Users\Seanna and Jason\Desktop\Mabinogi.lnk
[2010/01/09 03:10:36 | 00,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/09 02:35:55 | 00,001,679 | ---- | M] () -- C:\Users\Seanna and Jason\Desktop\Defraggler.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/31 00:40:11 | 00,370,684 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/31 00:30:07 | 00,001,628 | ---- | M] () -- C:\Users\Seanna and Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/12/30 15:15:01 | 00,001,670 | ---- | M] () -- C:\Users\Seanna and Jason\Desktop\LimeWire 5.4.6.lnk
[2009/12/24 23:59:10 | 00,370,684 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091231-004011.backup
[2009/12/24 22:17:18 | 00,001,819 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/12/24 22:17:14 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/12/24 14:44:53 | 00,000,000 | ---- | M] () -- C:\Users\Seanna and Jason\AppData\Local\prvlcl.dat
[2009/12/24 00:44:14 | 00,009,183 | -HS- | M] () -- C:\Users\Seanna and Jason\Documents\Folder.jpg
[2009/12/24 00:44:14 | 00,002,384 | -HS- | M] () -- C:\Users\Seanna and Jason\Documents\AlbumArtSmall.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/17 20:10:08 | 00,021,187 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Health Essay.odt
[2010/01/16 15:41:14 | 00,121,690 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\39402.pdf
[2010/01/09 03:16:16 | 00,000,698 | ---- | C] () -- C:\Users\Seanna and Jason\Desktop\Mabinogi.lnk
[2010/01/09 03:10:36 | 00,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/31 00:30:07 | 00,001,628 | ---- | C] () -- C:\Users\Seanna and Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/12/30 15:15:01 | 00,001,670 | ---- | C] () -- C:\Users\Seanna and Jason\Desktop\LimeWire 5.4.6.lnk
[2009/12/30 15:11:17 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/12/30 15:11:17 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2009/12/30 15:11:17 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2009/12/30 15:11:17 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2009/12/30 15:11:17 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2009/12/24 22:17:18 | 00,001,819 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/12/24 22:17:00 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/12/24 00:44:14 | 00,009,183 | -HS- | C] () -- C:\Users\Seanna and Jason\Documents\Folder.jpg
[2009/12/24 00:44:14 | 00,002,384 | -HS- | C] () -- C:\Users\Seanna and Jason\Documents\AlbumArtSmall.jpg
[2009/12/24 00:44:10 | 04,081,111 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\03-shwayze-crazy_for_you.wma
[2009/12/24 00:44:10 | 04,051,237 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\03 Lady Gaga - Monster(1).wma
[2009/12/24 00:44:09 | 04,571,161 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\The Expendables - Bowl For Two.wma
[2009/12/24 00:44:09 | 04,170,303 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\02 Favorite Girl 1.wma
[2009/12/24 00:44:09 | 03,668,875 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\03 - Seeed feat. Cee-Lo Green - Rise and shine.wma
[2009/12/24 00:44:08 | 04,726,071 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Sugar Ray - Fly.wma
[2009/12/24 00:44:08 | 03,716,485 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\slightly stupid - sweet honey.wma
[2009/12/24 00:44:08 | 03,316,167 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Sean_Paul_-_Hold_My_Hand_(feat._Keri_Hilson)_-_HNHH.wma
[2009/12/24 00:44:08 | 03,292,225 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Shwayze - High Together.wma
[2009/12/24 00:44:07 | 03,961,535 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Rebelution- Bright Side of Life.wma
[2009/12/24 00:44:07 | 03,722,543 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Rebelution - Ordinary Girl.wma
[2009/12/24 00:44:07 | 03,584,655 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Sean Kingston - Island Queen.wma
[2009/12/24 00:44:07 | 03,525,199 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Peter Andre - Mysterious Girl.wma
[2009/12/24 00:44:07 | 03,262,435 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Sean Kingston - Wrap U Around Me.wma
[2009/12/24 00:44:06 | 03,704,499 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Owl City - Fireflies.wma
[2009/12/24 00:44:06 | 03,369,717 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Matisyahu - One Day.wma
[2009/12/24 00:44:06 | 03,112,727 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\New Boyz - You_re A Jerk.wma
[2009/12/24 00:44:06 | 02,885,955 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\New Boyz - Tie Me Down (feat. Ray J) - HNHH.wma
[2009/12/24 00:44:05 | 04,003,261 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Laga Savea - Honi Honi.wma
[2009/12/24 00:44:05 | 03,686,531 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Kolohe Kai - Ehu Girl(1).wma
[2009/12/24 00:44:05 | 03,614,825 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\LMFAO - Shooting Star.wma
[2009/12/24 00:44:05 | 03,465,135 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Maoli - So Incredible.wma
[2009/12/24 00:44:04 | 03,614,747 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Kolohe Kai - Butterflies.wma
[2009/12/24 00:44:04 | 03,578,991 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Jesse McCartney ft. T-Pain - Body Language (The Movement).wma
[2009/12/24 00:44:04 | 03,387,845 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Jay Sean feat. Lil Jon & Sean Paul - Do You Remember.wma
[2009/12/24 00:44:04 | 03,344,464 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Kesha- TiK ToK (feat_ P_ Diddy).wma
[2009/12/24 00:44:03 | 04,170,613 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Jah Roots - Crucial.wma
[2009/12/24 00:44:03 | 03,985,501 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\JAH ROOTS - Spliff and My Lady.wma
[2009/12/24 00:44:03 | 03,937,511 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\IRATION - Electricity.wma
[2009/12/24 00:44:03 | 03,931,641 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Hawaiian Reggae -Natural Vibrations - One On One.wma
[2009/12/24 00:44:02 | 04,110,775 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Drake-Best I_ve Ever Had.wma
[2009/12/24 00:44:02 | 03,842,089 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Akon - beutiful.wma
[2009/12/24 00:44:02 | 03,560,751 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\Hawaiian - Kolohe Kai - Is This Love.wma
[2009/12/24 00:44:02 | 03,423,303 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\09 Lazy Afternoon.wma
[2009/12/24 00:44:02 | 02,670,705 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\DOT DOT CURVE - Yea I_m The Sex.wma
[2009/12/24 00:44:02 | 00,004,515 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\DevLogo.fil
[2009/12/24 00:44:02 | 00,004,286 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\DevIcon.fil
[2009/12/24 00:44:01 | 03,704,647 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\04 Dream Girl.wma
[2009/12/24 00:44:01 | 03,620,511 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\06 First Dance 1.wma
[2009/12/24 00:44:01 | 03,124,503 | ---- | C] () -- C:\Users\Seanna and Jason\Documents\07 Love Me 1.wma
[2009/12/14 15:04:41 | 00,000,000 | ---- | C] () -- C:\Users\Seanna and Jason\AppData\Local\prvlcl.dat
[2009/12/11 02:15:55 | 00,000,552 | ---- | C] () -- C:\Users\Seanna and Jason\AppData\Local\d3d8caps.dat
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/10/02 11:21:00 | 00,000,203 | ---- | C] () -- C:\Windows\GSdx9.INI
[2009/10/01 19:51:14 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/09/24 21:14:05 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/10 06:40:08 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/04 22:42:02 | 00,281,302 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/04 22:41:26 | 00,281,302 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/29 10:55:56 | 00,000,069 | ---- | C] () -- C:\Windows\wininit.ini
[2009/07/10 19:09:05 | 00,006,144 | ---- | C] () -- C:\Users\Seanna and Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 21:18:21 | 00,000,000 | ---- | C] () -- C:\Windows\System32\dxtrans.dll
[2009/07/08 19:41:19 | 00,000,132 | ---- | C] () -- C:\Users\Seanna and Jason\AppData\Roaming\wklnhst.dat
[2009/07/08 19:36:44 | 00,001,356 | ---- | C] () -- C:\Users\Seanna and Jason\AppData\Local\d3d9caps.dat
[2009/04/30 12:19:17 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2006/11/02 02:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 21:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996/04/03 09:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C6B34D36
< End of report >


OTL Extras logfile created on: 1/20/2010 10:49:50 AM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Seanna and Jason\Important system programs
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.05 Gb Total Space | 54.25 Gb Free Space | 39.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DACOMPUTER
Current User Name: Seanna and Jason
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1596932882-2439384091-2050370260-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01300419-9FE1-4DC6-A1EB-0DE1F11B8F70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09B5E4FB-D56C-47A1-927C-8B97CD5CE065}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0AA22FB5-036D-428C-BE55-3E1D0A734881}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10FE1266-B197-4A01-B2A8-54873E3434D4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{111DEF9C-34D9-4F12-9826-208CC300703B}" = lport=139 | protocol=6 | dir=in | app=system |
"{15D62573-4AEF-4E8B-8926-03AE3C97ABA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{186F40EE-203C-4B3D-B326-9EFD649498C3}" = rport=445 | protocol=6 | dir=out | app=system |
"{1D8F6AB2-84DD-4359-82BE-8781C1A0281A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26D48BDD-7D20-45D3-9FB1-E88D52D35EE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2706E06A-4C52-4D0A-A7FC-320182BB16BD}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2E9E5F27-C186-4142-9BBB-4B6F945C8D09}" = lport=445 | protocol=6 | dir=in | app=system |
"{2F2B9492-98FC-4C3D-AB06-DDE08D9C874A}" = lport=3390 | protocol=6 | dir=in | app=system |
"{2F89909E-25D5-412B-8780-3F01E55AE6D1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3721B683-E0C8-4EC8-8BAE-7A63E0075218}" = lport=137 | protocol=17 | dir=in | app=system |
"{37D5797F-627C-4EF6-8AC4-B7C29383CE8A}" = rport=139 | protocol=6 | dir=out | app=system |
"{3CAF8DA3-F704-451E-8627-11E36DE46E18}" = rport=10244 | protocol=6 | dir=out | app=system |
"{3EAA9C96-DF05-45E8-8988-126F333F0286}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4292A3D1-BAB1-46D2-96C5-CAC8F4E5EE25}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B6A1098-CED1-462F-B823-2CBF470A82E2}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6164C589-1536-40F0-8C12-D330969A42AB}" = rport=10244 | protocol=6 | dir=out | app=system |
"{636728E1-190B-4435-8484-F930478762A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67D6986E-47A1-4739-ACDB-D8E01374535F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6BCBA7C7-510B-46F6-A735-BD5A155A944C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7238F20D-BACB-4A5C-9B7D-8BD9D91CE700}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{727CE2FE-4793-44B3-954A-0171C6FDE09C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77C88ACD-C49E-475E-A474-1E5484A6C5FF}" = rport=137 | protocol=17 | dir=out | app=system |
"{77CFB628-747F-4A7B-BE96-ADE8F0B93586}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7DAC569A-F245-4411-949B-59B0CF5C893D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85B96951-EE18-47B6-B6E8-C26AFBB650A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D6255D2-9AB8-45A5-9DD7-064556B95264}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F2CB5FF-E1E6-4552-B79E-60E63EB20428}" = lport=138 | protocol=17 | dir=in | app=system |
"{99CC6DC8-B7D6-4D6B-8DD0-6F1122013409}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A288612-7C97-40C2-A9A9-AAE419FCA86A}" = rport=138 | protocol=17 | dir=out | app=system |
"{9BBBFAE4-6857-401B-A6ED-A88D27E9A675}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ADCD8F9E-1FE5-45EA-83B0-39D1F52CA675}" = lport=10244 | protocol=6 | dir=in | app=system |
"{BBAC6C4D-AA28-47DB-BBA9-1D366FE39D79}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C006E928-8C47-4A88-AB0D-292C01C6189B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C27C577A-AE23-43FB-AB0C-96ABA1E10A0C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C755428B-3176-412E-9659-FF6DF225CDA7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC067AFB-5AAF-4412-8AF1-1E1257B15A6A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CD3BFFF4-E6FB-4F15-9248-96299651D8AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D73A21F9-4189-4131-8058-2E4572738ABB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD1A1A04-A618-4846-BC02-5D8BAF3EEBBB}" = lport=3390 | protocol=6 | dir=in | app=system |
"{E4814C12-8429-4670-8B9A-53D94296B15D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E892004F-C4C1-40EE-9FDD-DB9BC2673FE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EBDB8279-CBB0-4EE3-B410-5A965D28D6BC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED7F1839-77C1-45CA-9C1B-FE44FC111021}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F28C7DEF-B077-4321-8302-2EBC025E4085}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F99E7DF8-A96B-43FC-9C77-E727EDAC8AA6}" = lport=10244 | protocol=6 | dir=in | app=system |
"{FEEDE1EE-462C-46FF-95EA-072207D7A9C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FFD99AD1-E537-4FE2-A597-D2F1BD74BCB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022A445C-0FB6-44AD-957F-51DA23B3C16F}" = protocol=6 | dir=in | app=c:\users\seanna and jason\desktop\programs\itunes.exe |
"{05B4E557-2D33-4ECA-ABDF-D62A04AD9D02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E6A69BF-8B22-4AC2-92D4-4624F19DB5D3}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{286D8534-8C09-4C4D-997D-753606C75317}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{29D90F7F-F1B0-40A2-902C-FA393F2E66C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2FBAEDC6-2C75-4F19-894F-B6E0853746F2}" = protocol=6 | dir=out | app=system |
"{3E533661-C481-4F9D-AE37-5DA5BD828440}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{45499558-D22E-4A03-9259-F295514AA6E4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{509B3379-5205-4AC7-A920-FF252A78DE50}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{51839DBF-9391-4838-A960-EF1FD5A3559B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{55188883-8EB1-4E95-B010-DE8D28B73556}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{55709576-BCFA-4925-AD22-675E6049DC21}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{562B6CA5-80B3-4F4C-93A0-FE5485FB2927}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{577D4164-34CB-4BF3-946E-DD91EC08CD1D}" = protocol=6 | dir=in | app=c:\trickster online\splash.exe |
"{5BA5D803-8DCC-4425-8385-937A54B8C87A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{60EB8CC4-3393-4914-B788-99E3EF34191F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{65A28BAE-BC58-4D3A-8CE0-A28D25A74A6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65CDAC0F-7839-4066-83D9-AE7DE8B79572}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E78F4AD-D646-4FA3-98A7-6EF43A83127B}" = protocol=17 | dir=in | app=c:\users\seanna and jason\desktop\programs\itunes.exe |
"{702C7DD8-0CBF-46A8-B3AC-D4D37D0E99F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CFECEDD-4F5D-4942-9DB3-94056D100ABA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{87DCB5D2-2096-4A94-ADEA-5131D9D2786A}" = protocol=17 | dir=in | app=c:\trickster online\splash.exe |
"{91B7234C-2C64-4548-B62D-B722472F9488}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{923792CC-CD6B-4321-9567-E4834213FB69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9259837C-4094-4887-A269-7DAC05F93103}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A9BFD27A-D871-4CE3-B5FB-04317A88CFF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B08906A7-0935-47F3-9D1C-8F43F3CADB4D}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{B9B3BDA7-4C12-4A42-8F47-363961A1EC47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB1256E0-5FCB-48C7-89D3-5236C9120706}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C1E6DAAB-1EA1-4B36-94BF-33DB3D13F11D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2103611-2440-4D57-9476-795601CFEA44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C96441B2-6962-46FE-9BE9-E1211879D06B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D35E7706-0871-4A86-92B9-949D592874AC}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{DFC9C09B-9B5B-46E6-B471-8A0498C3E9DA}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{E58EC96B-83B1-4E40-BE3C-09214860FC24}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F015FE9B-AACD-4444-A43D-94AC77CFFF32}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F1965915-97C3-4027-8637-8FF36AF534EA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{133090DB-C87B-468D-8650-A3679E39EF45}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{942371F4-4A49-4F9A-B016-3C6F2376BAFA}C:\users\seanna and jason\desktop\programs\itunes.exe" = protocol=6 | dir=in | app=c:\users\seanna and jason\desktop\programs\itunes.exe |
"TCP Query User{C4482628-7A9A-4693-9307-B22E51A152A3}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{FFF8322D-4CDB-4857-B50C-9E697FFE365D}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{6A9A6D19-8F74-4D5F-806D-22909F2AD7E9}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{6F557909-08FD-452B-BDE2-8920641B12EB}C:\users\seanna and jason\desktop\programs\itunes.exe" = protocol=17 | dir=in | app=c:\users\seanna and jason\desktop\programs\itunes.exe |
"UDP Query User{80F40258-486C-4E97-8793-6361377CFE41}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{CC1E2C6F-7A8C-4A7F-8D80-33D9AFCAB7D5}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6293E558-F111-45D8-A09E-450754379679}" = iHome Keyboard Driver
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97c97aa7-682c-49ca-8548-988665a67780}" = Nero 9 Lite
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A6CCAEF5-F141-4BBE-A6DA-EA8A8362C7A6}" = MapleStory
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}" = MobileMe Control Panel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"avast!" = avast! Antivirus
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Arms" = Combat Arms
"Cross Fire_is1" = Cross Fire En
"Defraggler" = Defraggler
"DFO" = Dungeon Fighter Online
"Drum Machine" = Drum Machine 1.36 BETA
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free Window Registry Repair" = Free Window Registry Repair
"Glary Registry Repair_is1" = Glary Registry Repair 3.2.0.828
"HijackThis" = HijackThis 2.0.2
"InstallShield_{6293E558-F111-45D8-A09E-450754379679}" = iHome Keyboard Driver
"KeyScrambler" = KeyScrambler
"LimeWire" = LimeWire 5.4.6
"LSI Soft Modem" = LSI PCI-SV92PP Soft Modem
"Mabinogi" = Mabinogi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Startup Delayer" = Startup Delayer v2.5 (build 138)
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Trickster Online" = Trickster Online
"VLC media player" = VLC media player 1.0.3
"WavePad" = WavePad Sound Editor
"WinGimp-2.0_is1" = GIMP 2.6.5
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/31/2009 6:31:11 AM | Computer Name = DaComputer | Source = Windows Search Service | ID = 3013
Description =

Error - 12/31/2009 10:37:51 PM | Computer Name = DaComputer | Source = WinMgmt | ID = 10
Description =

Error - 12/31/2009 10:38:28 PM | Computer Name = DaComputer | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/31/2009 10:38:28 PM | Computer Name = DaComputer | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/31/2009 10:38:28 PM | Computer Name = DaComputer | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/31/2009 10:38:29 PM | Computer Name = DaComputer | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/31/2009 10:38:29 PM | Computer Name = DaComputer | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/31/2009 10:38:29 PM | Computer Name = DaComputer | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/31/2009 10:38:29 PM | Computer Name = DaComputer | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/2/2010 3:09:14 AM | Computer Name = DaComputer | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 12/9/2009 3:09:38 AM | Computer Name = DaComputer | Source = Mcx2Dvcs | ID = 401
Description =

[ System Events ]
Error - 8/29/2009 10:53:33 PM | Computer Name = computer | Source = Service Control Manager | ID = 7011
Description =

Error - 8/29/2009 10:53:33 PM | Computer Name = computer | Source = Service Control Manager | ID = 7022
Description =

Error - 8/29/2009 10:53:33 PM | Computer Name = computer | Source = Service Control Manager | ID = 7011
Description =

Error - 8/29/2009 10:53:33 PM | Computer Name = computer | Source = Service Control Manager | ID = 7011
Description =

Error - 8/29/2009 10:53:33 PM | Computer Name = computer | Source = Service Control Manager | ID = 7011
Description =

Error - 8/30/2009 1:20:05 AM | Computer Name = computer | Source = Service Control Manager | ID = 7016
Description =

Error - 8/30/2009 3:29:08 PM | Computer Name = computer | Source = Service Control Manager | ID = 7016
Description =

Error - 8/31/2009 2:39:47 AM | Computer Name = computer | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.100. The computer with the IP address 192.168.1.101 did
not allow the name to be claimed by this computer.

Error - 8/31/2009 5:40:58 AM | Computer Name = computer | Source = Service Control Manager | ID = 7016
Description =

Error - 8/31/2009 3:20:12 PM | Computer Name = computer | Source = Service Control Manager | ID = 7022
Description =


< End of report >







#5 myrti

  • Malware Study Hall Admin

Posted 20 January 2010 - 05:08 PM

Hi,

Please also provide a log from GMER:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti



#6 ainoskedu

  • Topic Starter


Posted 20 January 2010 - 06:51 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-20 13:50:20
Windows 6.0.6002 Service Pack 2
Running: wc06nle2.exe; Driver: C:\Users\SEANNA~1\AppData\Local\Temp\axroquoc.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 849D7BF8
INT 0x52 ? 86F44F00
INT 0x62 ? 86F44F00
INT 0x82 ? 849D6ED8
INT 0x92 ? 849D7BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spma.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8A99741B 5 Bytes JMP 86F444E0
.text a2zfg6zg.SYS 8E329000 22 Bytes [82, B3, 5D, 82, 6C, B2, 5D, ...]
.text a2zfg6zg.SYS 8E329017 45 Bytes [00, 32, A7, 71, 80, 3D, A5, ...]
.text a2zfg6zg.SYS 8E329045 135 Bytes [1A, 2C, 82, FD, 99, 25, 82, ...]
.text a2zfg6zg.SYS 8E3290CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text a2zfg6zg.SYS 8E3290DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806106D6] \SystemRoot\System32\Drivers\spma.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80610042] \SystemRoot\System32\Drivers\spma.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80610800] \SystemRoot\System32\Drivers\spma.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806100C0] \SystemRoot\System32\Drivers\spma.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8061013E] \SystemRoot\System32\Drivers\spma.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8061FE9C] \SystemRoot\System32\Drivers\spma.sys
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortWritePortUchar] 838E34EF
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8E34C0
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\a2zfg6zg.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[652] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00060002
IAT C:\Windows\system32\services.exe[652] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00060000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 857231F8
Device \Driver\volmgr \Device\VolMgrControl 849D91F8
Device \Driver\usbohci \Device\USBPDO-0 86F451F8
Device \Driver\usbehci \Device\USBPDO-1 86E4A430
Device \Driver\nvstor32 \Device\00000055 857221F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\PCI_PNP8625 \Device\00000049 spma.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{C7C8BEDE-299B-4042-8C60-4C45B48B14ED} 87E6B1F8
Device \Driver\nvstor32 \Device\00000057 857221F8
Device \Driver\volmgr \Device\HarddiskVolume1 849D91F8
Device \Driver\volmgr \Device\HarddiskVolume2 849D91F8
Device \Driver\cdrom \Device\CdRom0 86F511F8
Device \Driver\cdrom \Device\CdRom1 86F511F8
Device \Driver\volmgr \Device\HarddiskVolume3 849D91F8
Device \Driver\atapi \Device\Ide\IdePort0 857211F8
Device \Driver\atapi \Device\Ide\IdePort1 857211F8
Device \Driver\cdrom \Device\CdRom2 86F511F8
Device \Driver\volmgr \Device\HarddiskVolume4 849D91F8
Device \Driver\cdrom \Device\CdRom3 86F511F8
Device \Driver\volmgr \Device\HarddiskVolume5 849D91F8
Device \Driver\USBSTOR \Device\00000068 881B71F8
Device \Driver\cdrom \Device\CdRom4 86F511F8
Device \Driver\volmgr \Device\HarddiskVolume6 849D91F8
Device \Driver\USBSTOR \Device\00000069 881B71F8
Device \Driver\volmgr \Device\HarddiskVolume7 849D91F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87E6B1F8
Device \Driver\sptd \Device\1882450632 spma.sys
Device \Driver\Smb \Device\NetbiosSmb 87E681F8
Device \Driver\nvstor32 \Device\RaidPort0 857221F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\nvstor32 \Device\RaidPort1 857221F8
Device \Driver\USBSTOR \Device\0000006a 881B71F8
Device \Driver\iScsiPrt \Device\RaidPort2 86F5E1F8
Device \Driver\USBSTOR \Device\0000006b 881B71F8
Device \Driver\USBSTOR \Device\0000006c 881B71F8
Device \Driver\usbohci \Device\USBFDO-0 86F451F8
Device \Driver\USBSTOR \Device\0000006d 881B71F8
Device \Driver\usbehci \Device\USBFDO-1 86E4A430
Device \Driver\a2zfg6zg \Device\Scsi\a2zfg6zg1Port5Path0Target0Lun0 87032500
Device \Driver\a2zfg6zg \Device\Scsi\a2zfg6zg1Port5Path0Target2Lun0 87032500
Device \Driver\a2zfg6zg \Device\Scsi\a2zfg6zg1 87032500
Device \Driver\a2zfg6zg \Device\Scsi\a2zfg6zg1Port5Path0Target3Lun0 87032500
Device \Driver\a2zfg6zg \Device\Scsi\a2zfg6zg1Port5Path0Target1Lun0 87032500
Device \FileSystem\cdfs \Cdfs 85169500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Users\Seanna and Jason\Desktop\programs\Daemon tools\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE2 0x71 0x3D 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x16 0xE2 0x2D 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x61 0x45 0x56 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xCF 0x67 0xF8 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xCF 0x67 0xF8 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xCF 0x67 0xF8 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Users\Seanna and Jason\Desktop\programs\Daemon tools\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE2 0x71 0x3D 0x34 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x16 0xE2 0x2D 0x1D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x61 0x45 0x56 0x2F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xCF 0x67 0xF8 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xCF 0x67 0xF8 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xCF 0x67 0xF8 0xB4 ...

---- EOF - GMER 1.0.15 ----


#7 myrti

Posted 20 January 2010 - 07:19 PM

Hi,

you have a proxy set in your internet options. Could you please disable it and check if you can update then:
  • In Internet Explorer under Tools in the browser tool bar select Internet Options.
  • In the Internet Options window that pops up, click the Connections tab at the top.
  • Click LAN Settings near the bottom of the Connections section.
  • If the Proxy server checkbox is marked with a check, click it to uncheck it.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
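The check described in the post above (spotting a configured proxy in a posted log) can be automated; this is an added example, not part of the original thread or any tool's own code. It assumes the usual HijackThis `R1 - ...\Internet Settings,ProxyServer = ...` line layout, and the sample lines are constructed, not taken from this user's log.

```python
import re

# Constructed HijackThis-style lines (not taken from the thread's log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

PROXY_LINE = re.compile(
    r"^R\d - (?P<hive>HK\w+)\\.*\\Internet Settings,"
    r"(?P<name>ProxyServer|ProxyOverride|AutoConfigURL) = (?P<value>.*)$",
    re.IGNORECASE,
)
LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost|\[?::1\]?)$", re.IGNORECASE)


def parse_proxy_server(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Accepts 'host:port' (applies to all protocols) and the per-protocol
    form 'http=host:port;https=host:port'.
    """
    endpoints = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, addr = part.rpartition("=")
        addr = addr.split("://")[-1]           # tolerate 'http://host:port'
        host, _, port = addr.rpartition(":")
        if not host or addr.endswith("]"):     # no port, or bare IPv6 literal
            host, port = addr, ""
        endpoints.append((scheme or "all", host, port))
    return endpoints


def triage(log_text):
    """Return one finding per proxy-related setting found in the log."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_LINE.match(line.strip())
        if not m:
            continue
        name, value = m["name"], m["value"].strip()
        if name.lower() == "proxyserver":
            for scheme, host, port in parse_proxy_server(value):
                # A loopback proxy with nothing listening breaks all updates.
                kind = "loopback" if LOOPBACK.match(host) else "remote"
                findings.append((name, scheme, host, port, kind))
        else:
            findings.append((name, "", value, "", "review"))
    return findings
```

A `loopback` finding is worth checking first when a machine cannot reach update servers after a cleanup, since the setting can outlive whatever program was listening on that port.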

 



#8 ainoskedu

Posted 20 January 2010 - 08:36 PM

lol..... thank you very much lol ... that explained why my ie7 did not work for the longest... thanks for your time

#9 myrti

Posted 20 January 2010 - 09:03 PM

Hi,

happy to see that this seems to have solved your problem.
Otherwise your logs appear to be fine, just to be safe I would like you to run a scan with Eset:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
regards myrti



#10 myrti

Posted 29 January 2010 - 06:09 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
