Just cleaned my pc, but need to see if virus is gone...


  • This topic is locked
16 replies to this topic

#1 Rheanun

Rheanun

  • Members
  • 84 posts

Posted 21 January 2010 - 05:37 AM

Hello again,
I finally got the internet security 2010 virus off my computer, or so I hope I got it off. That is why I am here again. I am going to post my hijack this log for y'all to look at. I keep running my virus and spyware programs and they keep picking up different things. I just want my computer clean again so here goes....and thanks for any help!

Logfile of HijackThis v1.99.1
Scan saved at 3:28:58 AM, on 1/21/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\AOL\1225088068\ee\AOLSoftware.exe
D:\Program Files\AOL 9.1\waol.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
H:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1225088068\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [AOL Fast Start] "D:\Program Files\AOL 9.1\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232483351421
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe





#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 27 January 2010 - 08:02 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 Rheanun

Rheanun
  • Topic Starter

  • Members
  • 84 posts

Posted 30 January 2010 - 05:04 AM

Here is my new hijack this log and the other log you asked for below that one. Thanks so much for your help......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:48 AM, on 1/30/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\AOL\1225088068\ee\AOLSoftware.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\AOL9~1.1\waol.exe
D:\PROGRA~1\AOL9~1.1\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1225088068\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKCU\..\Run: [AOL Fast Start] "D:\PROGRA~1\AOL9~1.1\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232483351421
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6731 bytes
---------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by Princess of the bean at 3:01:42.04 on Sat 01/30/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.545 [GMT -7:00]

AV: avast! antivirus 4.8.1368 [VPS 100130-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\AOL\1225088068\ee\AOLSoftware.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\AOL9~1.1\waol.exe
D:\PROGRA~1\AOL9~1.1\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Princess of the bean\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AOL Fast Start] "d:\progra~1\aol9~1.1\AOL.EXE" -b
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [HostManager] c:\program files\common files\aol\1225088068\ee\AOLSoftware.exe
mRun: [DXM6Patch_981116] c:\windows\p_981116.exe /Q:A
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\documents and settings\princess of the bean\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_11.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232483351421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\prince~1\applic~1\mozilla\firefox\profiles\mlzovv07.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\princess of the bean\application data\mozilla\firefox\profiles\mlzovv07.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\gobit games\browserplugin\npgobitgamesplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-17 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-19 130936]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2009-9-19 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-26 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-10-26 138680]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-10-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-10-26 352920]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-5-11 10880]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\590.tmp --> c:\windows\system32\590.tmp [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-19 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-19 1097096]
S3 vtayn;vtayn;\??\c:\docume~1\prince~1\locals~1\temp\vtayn.sys --> c:\docume~1\prince~1\locals~1\temp\vtayn.sys [?]

=============== Created Last 30 ================

2010-01-30 02:57:25 0 d-----w- c:\program files\common files\muvee Technologies
2010-01-30 02:57:10 0 d-----w- c:\program files\common files\Nikon
2010-01-30 02:56:08 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2010-01-28 01:49:59 2829 ----a-w- c:\windows\DiabUnin.pif
2010-01-28 01:49:59 118784 ----a-w- c:\windows\DiabUnin.exe
2010-01-28 01:49:53 5766 ----a-w- c:\windows\DiabUnin.dat
2010-01-27 06:38:30 167936 ----a-w- c:\windows\system32\Engine3D021206.dll
2010-01-27 01:08:07 92208 ----a-w- c:\windows\system\Wing.dll
2010-01-27 01:08:07 12800 ----a-w- c:\windows\system\Wing32.dll
2010-01-26 01:43:59 0 d-----w- C:\OEMSettings
2010-01-26 01:43:43 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-01-26 01:43:25 0 d-----w- c:\program files\NETGEAR
2010-01-25 02:26:16 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-01-25 02:26:16 140800 ----a-w- c:\windows\system32\tm20dec.ax
2010-01-25 02:26:14 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-01-25 02:26:11 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-01-25 02:26:08 5672 ----a-w- c:\windows\system32\quartz.vxd
2010-01-25 02:26:08 11776 ----a-w- c:\windows\system32\mciqtz.drv
2010-01-25 02:26:08 10240 ----a-w- c:\windows\system32\vidx16.dll
2010-01-25 02:26:07 194320 ----a-w- c:\windows\system32\qcut.dll
2010-01-25 02:26:04 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-01-25 02:26:04 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-01-25 02:05:03 0 ----a-w- c:\windows\PowerReg.dat
2010-01-19 18:18:46 0 ----a-w- c:\windows\system32\13943.exe
2010-01-19 17:58:46 0 ----a-w- c:\windows\system32\21101.exe
2010-01-19 17:36:41 0 d-----w- c:\docume~1\prince~1\applic~1\Malwarebytes
2010-01-19 17:32:44 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-19 17:32:28 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-19 17:32:28 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-19 17:32:09 0 d-----w- c:\program files\common files\PC Tools
2010-01-19 17:32:08 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-19 17:31:51 0 d-----w- c:\program files\Spyware Doctor
2010-01-19 17:31:51 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-01-19 17:20:11 0 ----a-w- c:\windows\system32\21726.exe
2010-01-19 17:00:11 0 ----a-w- c:\windows\system32\5447.exe
2010-01-19 16:48:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 16:48:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 16:48:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 16:48:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-19 16:40:11 0 ----a-w- c:\windows\system32\19895.exe
2010-01-19 16:20:11 0 ----a-w- c:\windows\system32\19718.exe
2010-01-19 16:00:11 0 ----a-w- c:\windows\system32\18716.exe
2010-01-19 15:40:11 0 ----a-w- c:\windows\system32\17421.exe
2010-01-19 15:20:11 0 ----a-w- c:\windows\system32\12382.exe
2010-01-19 15:00:11 0 ----a-w- c:\windows\system32\292.exe
2010-01-19 14:40:11 0 ----a-w- c:\windows\system32\153.exe
2010-01-19 14:20:11 0 ----a-w- c:\windows\system32\3902.exe
2010-01-19 14:00:11 0 ----a-w- c:\windows\system32\14604.exe
2010-01-19 13:40:11 0 ----a-w- c:\windows\system32\32391.exe
2010-01-19 13:20:11 0 ----a-w- c:\windows\system32\5436.exe
2010-01-19 13:00:11 0 ----a-w- c:\windows\system32\4827.exe
2010-01-19 12:40:11 0 ----a-w- c:\windows\system32\11942.exe
2010-01-19 12:20:11 0 ----a-w- c:\windows\system32\2995.exe
2010-01-19 12:00:11 0 ----a-w- c:\windows\system32\491.exe
2010-01-19 11:40:11 0 ----a-w- c:\windows\system32\9961.exe
2010-01-19 11:20:11 0 ----a-w- c:\windows\system32\16827.exe
2010-01-19 11:00:10 0 ----a-w- c:\windows\system32\23281.exe
2010-01-19 10:40:10 0 ----a-w- c:\windows\system32\28145.exe
2010-01-19 10:20:10 0 ----a-w- c:\windows\system32\5705.exe
2010-01-19 10:00:10 0 ----a-w- c:\windows\system32\24464.exe
2010-01-19 09:40:10 0 ----a-w- c:\windows\system32\26962.exe
2010-01-19 09:20:09 0 ----a-w- c:\windows\system32\29358.exe
2010-01-19 09:00:09 0 ----a-w- c:\windows\system32\11478.exe
2010-01-19 08:40:08 0 ----a-w- c:\windows\system32\15724.exe
2010-01-19 08:20:08 0 ----a-w- c:\windows\system32\19169.exe
2010-01-19 08:00:08 0 ----a-w- c:\windows\system32\26500.exe
2010-01-19 07:40:08 0 ----a-w- c:\windows\system32\6334.exe
2010-01-19 07:20:07 0 ----a-w- c:\windows\system32\18467.exe
2010-01-19 06:54:29 0 ----a-w- c:\windows\system32\16032.exe
2010-01-19 06:34:29 0 ----a-w- c:\windows\system32\10729.exe
2010-01-19 06:14:29 0 ----a-w- c:\windows\system32\9817.exe
2010-01-19 05:54:29 0 ----a-w- c:\windows\system32\13683.exe
2010-01-19 05:05:33 0 ----a-w- c:\windows\system32\4310.exe
2010-01-19 04:45:31 0 ----a-w- c:\windows\system32\583.exe
2010-01-19 04:25:31 0 ----a-w- c:\windows\system32\5203.exe
2010-01-19 04:05:29 0 ----a-w- c:\windows\system32\11797.exe
2010-01-19 03:45:29 0 ----a-w- c:\windows\system32\29894.exe
2010-01-19 03:25:29 0 ----a-w- c:\windows\system32\5180.exe
2010-01-19 03:05:29 0 ----a-w- c:\windows\system32\23011.exe
2010-01-19 02:35:38 0 d-----w- c:\program files\msn gaming zone
2010-01-19 02:33:26 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-01-19 02:33:17 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-01-19 02:33:17 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-01-19 02:33:17 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-01-19 02:33:17 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-01-19 02:33:17 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-01-19 02:33:02 0 d-----w- c:\program files\Online Services
2010-01-19 02:19:57 13753 ----a-r- c:\windows\SET76.tmp
2010-01-19 02:19:54 1086058 ----a-r- c:\windows\SET6A.tmp
2010-01-19 02:19:52 1042903 ----a-r- c:\windows\SET67.tmp
2010-01-16 02:14:36 1 ----a-w- C:\s
2010-01-14 19:43:29 0 d-----w- c:\docume~1\prince~1\applic~1\NevoSoft Games
2010-01-09 20:13:17 0 d-----w- c:\docume~1\prince~1\applic~1\GameBlend
2010-01-09 20:13:17 0 d-----w- c:\docume~1\alluse~1\applic~1\GameBlend
2010-01-09 19:55:55 0 d-----w- c:\docume~1\prince~1\applic~1\Pogo Games
2010-01-08 18:34:47 0 d-----w- c:\docume~1\prince~1\applic~1\Ludia
2010-01-08 18:34:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Ludia
2010-01-08 18:03:17 0 d-----w- c:\docume~1\prince~1\applic~1\Amaranth Games
2010-01-06 21:13:50 0 d-----w- c:\docume~1\prince~1\applic~1\ValuSoft
2010-01-06 21:13:50 0 d-----w- c:\docume~1\alluse~1\applic~1\ValuSoft
2010-01-05 13:30:18 0 d-----w- c:\docume~1\prince~1\applic~1\Virtual City
2010-01-04 06:42:08 0 d-----w- c:\docume~1\prince~1\applic~1\blg
2010-01-04 06:42:08 0 d-----w- c:\docume~1\alluse~1\applic~1\blg
2010-01-03 20:00:14 0 d-----w- c:\docume~1\alluse~1\applic~1\HoverBee Studios
2010-01-03 10:17:14 0 d-----w- c:\docume~1\prince~1\applic~1\ViquaSoft
2010-01-03 10:04:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Crenetic
2010-01-03 10:00:44 0 d-----w- c:\docume~1\prince~1\applic~1\Mean Hamster
2010-01-03 10:00:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Mean Hamster
2010-01-03 09:50:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Fenomen Games
2010-01-03 09:38:04 0 d-----w- c:\windows\Supermarket Management
2010-01-03 09:23:06 0 d-----w- c:\docume~1\prince~1\applic~1\Got Game Entertainment
2010-01-03 08:03:04 0 d-----w- c:\docume~1\alluse~1\applic~1\AlawarWrapper
2010-01-03 07:48:28 4 ----a-w- c:\windows\win32t4.dll
2010-01-03 07:10:55 0 d-----w- c:\windows\Downloaded Installations
2010-01-03 06:40:44 0 d-----w- c:\windows\Romopolis
2010-01-03 06:24:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Artist Colony

==================== Find3M ====================

2010-01-30 02:56:00 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-01-27 06:08:16 44544 ------w- c:\windows\AWuninstall.exe
2010-01-19 02:31:16 22720 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-12-25 14:16:10 157668 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-23 01:03:35 53248 ----a-w- c:\windows\system32\unrar.dll
2007-12-28 22:02:12 287232 ----a-w- c:\windows\inf\wg111v3\wg111v3.sys
2007-12-28 21:59:30 342528 ----a-w- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-11-28 00:53:58 63488 ----a-w- c:\windows\inf\wg111v3\SetDrv64.exe
2007-11-28 00:52:44 32768 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe
2006-12-15 18:30:36 98304 ----a-w- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 18:30:36 315392 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 18:30:36 212992 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 18:30:36 20480 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 18:30:36 19968 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE

============= FINISH: 3:01:53.17 ===============


#4 schrauber

  • Malware Response Team

Posted 30 January 2010 - 10:41 AM

Hello, Rheanun
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 Rheanun

  • Topic Starter

Posted 01 February 2010 - 07:13 PM

Thank you for your help Tom. Here is the log.............

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-01 17:09:44
Windows 5.1.2600 Service Pack 2
Running: p38ku2it.exe; Driver: C:\DOCUME~1\PRINCE~1\LOCALS~1\Temp\axtdypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


#6 schrauber

  • Malware Response Team

Posted 02 February 2010 - 02:37 PM

Hi,

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


#7 Rheanun

  • Topic Starter

Posted 02 February 2010 - 11:14 PM

testing..................

Edited by Rheanun, 02 February 2010 - 11:23 PM.


#8 Rheanun

  • Topic Starter

Posted 02 February 2010 - 11:18 PM

OTL logfile created on: 2/2/2010 9:03:25 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Princess of the bean\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 473.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.29 Gb Total Space | 4.28 Gb Free Space | 29.94% Space Free | Partition Type: NTFS
Drive D: | 19.10 Gb Total Space | 13.09 Gb Free Space | 68.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 19.53 Gb Total Space | 16.41 Gb Free Space | 84.02% Space Free | Partition Type: NTFS
Drive G: | 48.83 Gb Total Space | 30.36 Gb Free Space | 62.18% Space Free | Partition Type: NTFS
Drive H: | 46.13 Gb Total Space | 37.45 Gb Free Space | 81.19% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SATAN
Current User Name: Princess of the bean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/02 14:12:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Princess of the bean\Desktop\OTL.exe
PRC - [2010/01/05 18:03:48 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 16:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/10 05:43:40 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/09/30 14:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/09/23 19:04:49 | 000,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/06/24 11:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1225088068\ee\aolsoftware.exe
PRC - [2008/06/02 22:36:06 | 000,039,264 | ---- | M] (AOL, LLC.) -- D:\Program Files\AOL 9.1\waol.exe
PRC - [2008/06/02 22:36:05 | 000,054,624 | ---- | M] (AOL, LLC.) -- D:\Program Files\AOL 9.1\shellmon.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/02/02 14:12:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Princess of the bean\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/21 22:04:00 | 001,028,432 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/22 22:44:48 | 001,097,096 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/10 05:43:40 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/09/23 21:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/09/23 19:04:49 | 000,581,632 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {6ad56361-628f-471b-8f9d-4c338973a87d}:5.27.1.1
FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 21:12:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/05 18:04:00 | 000,000,000 | ---D | M]

[2008/10/26 17:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Mozilla\Extensions
[2010/02/02 15:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Mozilla\Firefox\Profiles\mlzovv07.default\extensions
[2009/04/23 14:29:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Princess of the bean\Application Data\Mozilla\Firefox\Profiles\mlzovv07.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/28 14:53:14 | 000,000,000 | ---D | M] (AOL Radio Toolbar) -- C:\Documents and Settings\Princess of the bean\Application Data\Mozilla\Firefox\Profiles\mlzovv07.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
[2009/04/09 14:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Mozilla\Firefox\Profiles\mlzovv07.default\extensions\chachaguidebar@chacha.com
[2009/01/20 09:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Mozilla\Firefox\Profiles\mlzovv07.default\extensions\moveplayer@movenetworks.com
[2010/02/02 15:05:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/23 21:49:56 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/06/02 22:35:57 | 000,002,275 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\aolsearch.xml

O1 HOSTS File: ([2010/01/20 20:51:12 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1225088068\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKCU..\Run: [AOL Fast Start] D:\Program Files\AOL 9.1\aol.exe (AOL, LLC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\Princess of the bean\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1232483351421 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 192.168.1.1 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Princess of the bean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Princess of the bean\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/26 15:50:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{278578f0-ad3a-11dd-b46a-00038a000015}\Shell\AutoRun\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{278578f0-ad3a-11dd-b46a-00038a000015}\Shell\install\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{278578f0-ad3a-11dd-b46a-00038a000015}\Shell\usermanualEnglish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{278578f0-ad3a-11dd-b46a-00038a000015}\Shell\usermanualFrench\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{278578f0-ad3a-11dd-b46a-00038a000015}\Shell\usermanualSpanish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{54ae3eab-5e99-11de-a064-00038a000015}\Shell\AutoRun\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{54ae3eab-5e99-11de-a064-00038a000015}\Shell\install\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{54ae3eab-5e99-11de-a064-00038a000015}\Shell\usermanualEnglish\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{54ae3eab-5e99-11de-a064-00038a000015}\Shell\usermanualFrench\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{54ae3eab-5e99-11de-a064-00038a000015}\Shell\usermanualSpanish\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f307fc6-cfc2-11dd-b4bd-00038a000015}\Shell\AutoRun\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f307fc6-cfc2-11dd-b4bd-00038a000015}\Shell\install\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f307fc6-cfc2-11dd-b4bd-00038a000015}\Shell\usermanualEnglish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f307fc6-cfc2-11dd-b4bd-00038a000015}\Shell\usermanualFrench\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f307fc6-cfc2-11dd-b4bd-00038a000015}\Shell\usermanualSpanish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{ebc19504-4bcc-11de-a04c-00038a000015}\Shell\Auto\command - "" = G:\Start.exe -- File not found
O33 - MountPoints2\{ebc19504-4bcc-11de-a04c-00038a000015}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/01/18 12:10:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/02 14:12:29 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Princess of the bean\Desktop\OTL.exe
[2010/01/31 20:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Princess of the bean\Desktop\New Folder
[2010/01/30 09:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\iwin
[2010/01/30 02:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Hijackthis
[2010/01/29 20:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Princess of the bean\Application Data\Nikon
[2010/01/29 19:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/01/29 19:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2010/01/29 19:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/01/29 19:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/01/29 19:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/01/27 18:49:59 | 000,118,784 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2010/01/27 00:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Princess of the bean\Desktop\picstosendmom
[2010/01/27 00:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Princess of the bean\My Documents\img019
[2010/01/26 23:38:30 | 000,167,936 | ---- | C] (Maxim Chernousov, AlphaPlugins, admin@alphaplugins.com) -- C:\WINDOWS\System32\Engine3D021206.dll
[2010/01/25 18:43:59 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2010/01/25 18:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/01/24 19:26:16 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2010/01/22 18:52:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Princess of the bean\Recent
[2010/01/20 20:51:36 | 000,000,000 | ---D | C] -- C:\ERDNT
[2008/10/26 16:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/26 15:54:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/10/26 15:54:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/10/26 15:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/11/24 12:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/02 14:12:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Princess of the bean\Desktop\OTL.exe
[2010/02/02 14:11:47 | 000,001,179 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/01 22:03:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/01 17:04:59 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\p38ku2it.exe
[2010/02/01 15:24:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/01 15:23:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/01 15:23:44 | 000,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/02/01 15:22:20 | 013,369,344 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\ntuser.dat
[2010/02/01 15:22:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Princess of the bean\ntuser.ini
[2010/01/31 23:14:09 | 000,117,597 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Untitled-3 copy.jpg
[2010/01/31 23:07:50 | 000,143,078 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Untitled-2 copy.jpg
[2010/01/31 23:03:13 | 000,354,835 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Untitled-1 copy.jpg
[2010/01/31 20:33:04 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/31 20:30:36 | 003,268,608 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/01/31 20:30:35 | 001,629,184 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/01/31 20:27:21 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/01/31 19:04:55 | 002,116,898 | -H-- | M] () -- C:\Documents and Settings\Princess of the bean\Local Settings\Application Data\IconCache.db
[2010/01/31 16:39:40 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/29 19:57:30 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nikon Transfer.lnk
[2010/01/29 19:56:08 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\ColorSync
[2010/01/29 19:56:08 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Princess of the bean\Application Data\Classical
[2010/01/29 19:56:08 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Common
[2010/01/27 18:50:28 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to Diablo.exe.lnk
[2010/01/27 18:50:00 | 000,005,766 | ---- | M] () -- C:\WINDOWS\DiabUnin.dat
[2010/01/27 18:49:59 | 000,118,784 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2010/01/27 18:49:59 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DiabUnin.pif
[2010/01/27 00:38:36 | 004,068,238 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\My Documents\img019.zip
[2010/01/26 23:39:32 | 000,000,011 | ---- | M] () -- C:\WINDOWS\3DShadow.INI
[2010/01/26 23:08:16 | 000,044,544 | ---- | M] () -- C:\WINDOWS\AWuninstall.exe
[2010/01/26 14:22:02 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/01/25 18:43:29 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
[2010/01/24 21:45:03 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut (2) to age3.exe.lnk
[2010/01/24 19:26:12 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/24 19:26:12 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/24 19:14:16 | 000,256,000 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Start Menu\Programs\Startup\PowerReg Scheduler.exe
[2010/01/24 19:05:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2010/01/24 19:03:48 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Bratz ™.lnk
[2010/01/22 18:45:44 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to BOS.exe.lnk
[2010/01/22 18:41:42 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to quake2.exe.lnk
[2010/01/22 17:11:27 | 000,000,477 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to quake3.exe.lnk
[2010/01/21 16:51:46 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to Pirates!.exe.lnk
[2010/01/20 20:51:12 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/20 17:46:39 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to dmcr.exe.lnk
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/02 01:34:13 | 071,366,729 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\HRS.118_www.warez-arena.net.part2.rar
[2010/02/02 01:33:58 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\HRS.118_www.warez-arena.net.part1.rar
[2010/02/02 01:11:53 | 069,781,657 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\HRS.117_www.warez-arena.net.part2.rar
[2010/02/02 01:11:33 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\HRS.117_www.warez-arena.net.part1.rar
[2010/02/01 17:04:55 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\p38ku2it.exe
[2010/01/31 23:14:07 | 000,117,597 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Untitled-3 copy.jpg
[2010/01/31 23:07:46 | 000,143,078 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Untitled-2 copy.jpg
[2010/01/31 03:39:37 | 000,354,835 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Untitled-1 copy.jpg
[2010/01/29 19:57:30 | 000,001,627 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nikon Transfer.lnk
[2010/01/29 19:56:08 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\ColorSync
[2010/01/29 19:56:08 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Princess of the bean\Application Data\Classical
[2010/01/29 19:56:08 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/01/29 19:56:08 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Common
[2010/01/28 02:26:32 | 366,458,880 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Heroes.S01E16.DVDRip.XviD-TOPAZ.avi
[2010/01/27 18:50:28 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to Diablo.exe.lnk
[2010/01/27 18:49:59 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DiabUnin.pif
[2010/01/27 18:49:53 | 000,005,766 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2010/01/27 00:38:05 | 004,068,238 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\My Documents\img019.zip
[2010/01/25 18:43:29 | 000,001,792 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
[2010/01/24 21:45:03 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut (2) to age3.exe.lnk
[2010/01/24 19:26:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/01/24 19:26:08 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2010/01/24 19:14:14 | 000,256,000 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Start Menu\Programs\Startup\PowerReg Scheduler.exe
[2010/01/24 19:05:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/01/24 19:03:48 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Bratz ™.lnk
[2010/01/22 18:45:44 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to BOS.exe.lnk
[2010/01/22 18:41:42 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to quake2.exe.lnk
[2010/01/22 17:01:45 | 000,000,477 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to quake3.exe.lnk
[2010/01/21 16:51:46 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to Pirates!.exe.lnk
[2010/01/20 17:46:39 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to dmcr.exe.lnk
[2010/01/03 00:48:28 | 000,000,004 | ---- | C] () -- C:\WINDOWS\win32t4.dll
[2009/11/22 18:03:35 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/28 13:30:15 | 000,000,427 | ---- | C] () -- C:\WINDOWS\Buildalot4.ini
[2009/10/20 05:49:36 | 000,000,011 | ---- | C] () -- C:\WINDOWS\3DShadow.INI
[2009/09/19 13:18:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2009/08/05 08:45:36 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/08/05 08:45:35 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/07/01 14:48:41 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\VERMONT1.DLL
[2009/07/01 14:48:41 | 000,012,416 | ---- | C] () -- C:\WINDOWS\System32\VRX1.DLL
[2009/05/30 22:52:25 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/02 13:20:49 | 000,000,048 | ---- | C] () -- C:\WINDOWS\dmi.ini
[2009/04/02 13:20:48 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/04/02 12:59:03 | 000,000,490 | ---- | C] () -- C:\WINDOWS\SStylerPro.ini
[2009/03/26 16:16:12 | 000,070,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/03/19 23:06:04 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2009/03/16 22:03:36 | 000,009,472 | ---- | C] () -- C:\WINDOWS\unsqz.dll
[2009/03/16 22:03:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\@loha.ini
[2009/03/06 01:29:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Transmogrifier.INI
[2009/02/09 00:23:45 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/01/09 19:22:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/12/11 20:17:06 | 000,007,203 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/11/21 15:06:00 | 000,000,727 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/01 13:06:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/10/26 22:11:49 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/26 17:22:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2008/07/05 04:14:48 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/07/05 04:14:44 | 003,591,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/07/05 04:13:16 | 000,708,096 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/06/22 10:34:00 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/06/13 04:39:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/06/12 11:36:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/07/10 09:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004/10/03 10:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 05:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/03 17:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2001/08/23 12:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== LOP Check ==========

[2009/11/22 19:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/01/03 01:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/01/02 23:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2008/10/27 13:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010/01/03 23:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/08/03 16:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2010/01/03 03:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Crenetic
[2009/07/10 20:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CupcakeCafe
[2009/02/27 14:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2010/01/29 19:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/09/05 14:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2009/10/03 15:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/01/03 02:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2009/11/03 04:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/01/09 13:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameBlend
[2009/06/11 00:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/07/29 09:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2010/01/09 12:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/01/03 13:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2009/11/11 22:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009/10/03 15:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2009/10/29 11:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin_generic
[2009/02/10 01:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lifetime
[2010/01/08 11:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/01/03 03:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2009/06/26 13:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/02/10 02:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/12/17 00:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/09/24 17:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/01/29 19:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/12/18 23:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2010/01/08 22:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/09/23 21:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/10/20 05:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redfield
[2009/10/07 23:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/12/24 15:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/01/20 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/22 01:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2009/06/27 00:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2010/01/29 19:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/01/06 14:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ValuSoft
[2008/10/26 23:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/03 15:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/10/09 18:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/07 21:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/09/17 22:01:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/06/27 01:05:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Princess of the bean\Application Data\.#
[2009/03/27 00:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\AGD plugin
[2009/11/24 22:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Alawar
[2010/01/08 11:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Amaranth Games
[2008/12/16 08:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Ashampoo
[2010/01/03 23:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\blg
[2009/03/12 14:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Boolat Games
[2009/02/27 14:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Boomzap
[2009/08/03 16:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\CasualForge
[2008/10/27 16:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\CoreFTP
[2008/10/29 13:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\DAEMON Tools
[2009/11/15 01:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\DNA
[2010/01/04 01:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\EleFun Games
[2010/01/09 13:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\GameBlend
[2009/02/10 01:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\GameHouse
[2010/01/08 11:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Gamelab
[2009/08/05 09:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Games
[2009/09/04 19:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\GetRightToGo
[2010/01/03 02:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Got Game Entertainment
[2009/10/03 15:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\iWin
[2009/10/29 11:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\iWin_generic
[2008/12/28 13:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Leadertech
[2010/01/08 11:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Ludia
[2010/01/03 03:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Mean Hamster
[2010/01/14 12:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\NevoSoft Games
[2010/01/29 20:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Nikon
[2008/12/18 23:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Oberon Games
[2009/02/04 14:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\OpenOffice.org
[2010/01/08 22:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\PlayFirst
[2009/03/12 14:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Playrix Entertainment
[2010/01/09 12:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Pogo Games
[2009/07/17 13:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Reflexive JanesZOO
[2009/04/01 21:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Shape games
[2009/08/24 14:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Skinux
[2009/05/13 00:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Sony
[2008/12/24 15:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Sony Setup
[2009/10/03 15:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Sudden Games LLC
[2009/12/01 15:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Thinstall
[2009/04/22 01:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\TikGames
[2009/06/27 00:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\UClick
[2010/01/06 14:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\ValuSoft
[2010/01/03 03:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\ViquaSoft
[2010/01/05 06:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Virtual City
[2010/01/08 11:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Wildfire
[2009/10/07 13:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\YoudaGames
[2010/02/01 22:03:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/01/26 14:22:02 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/10/26 23:17:09 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: AHCIX86.SYS >
[2008/03/07 18:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-10_xp32_dd_ccc_wdm_enu_69561\SBDrv\RAID7xx\x86\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIASRAID.SYS >
[2003/10/31 11:22:00 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\WINDOWS\system32\drivers\viasraid.sys

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAD001CC
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B51CAAE
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375FC7E7
< End of report >
----------------------------------------------------------------------------------

OTL Extras logfile created on: 2/2/2010 9:03:25 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Princess of the bean\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 473.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.29 Gb Total Space | 4.28 Gb Free Space | 29.94% Space Free | Partition Type: NTFS
Drive D: | 19.10 Gb Total Space | 13.09 Gb Free Space | 68.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 19.53 Gb Total Space | 16.41 Gb Free Space | 84.02% Space Free | Partition Type: NTFS
Drive G: | 48.83 Gb Total Space | 30.36 Gb Free Space | 62.18% Space Free | Partition Type: NTFS
Drive H: | 46.13 Gb Total Space | 37.45 Gb Free Space | 81.19% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SATAN
Current User Name: Princess of the bean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58570:TCP" = 58570:TCP:*:Enabled:Pando Media Booster
"58570:UDP" = 58570:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"56338:TCP" = 56338:TCP:*:Enabled:Pando Media Booster
"56338:UDP" = 56338:UDP:*:Enabled:Pando Media Booster
"6112:UDP" = 6112:UDP:*:Enabled:Diablo II - Lord of Destruction
"6119:TCP" = 6119:TCP:*:Enabled:Diablo II - Lord of Destruction
"6112:TCP" = 6112:TCP:*:Enabled:Diablo II - Lord Of Destruction
"6119:UDP" = 6119:UDP:*:Enabled:Diablo II - Lord Of Destruction
"58570:TCP" = 58570:TCP:*:Enabled:Pando Media Booster
"58570:UDP" = 58570:UDP:*:Enabled:Pando Media Booster
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"D:\Program Files\Combat Arms\CombatArms.exe" = D:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"D:\Program Files\Combat Arms\Engine.exe" = D:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\aol\1225088068\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1225088068\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"D:\Program Files\AOL 9.1\waol.exe" = D:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"D:\Program Files\NovaLogic\Joint Operations Typhoon Rising\jointops.exe" = D:\Program Files\NovaLogic\Joint Operations Typhoon Rising\jointops.exe:*:Enabled:jointops -- File not found
"D:\Program Files\THQ\Dawn Of War\W40k.exe" = D:\Program Files\THQ\Dawn Of War\W40k.exe:*:Enabled:W40k -- File not found
"D:\Program Files\Microsoft Games\Rise of Nations\rise.exe" = D:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- File not found
"D:\Program Files\NovaLogic\Joint Operations Typhoon Rising\UPDATE.EXE" = D:\Program Files\NovaLogic\Joint Operations Typhoon Rising\UPDATE.EXE:*:Enabled:UPDATE -- File not found
"C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\Jointops.exe" = C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\Jointops.exe:*:Enabled:Jointops -- File not found
"D:\Program Files\kodak\Kodak EasyShare software\bin\EasyShare.exe" = D:\Program Files\kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"D:\Program Files\Warcraft III\Warcraft III.exe" = D:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe:*:Enabled:war3.exe -- File not found
"D:\Program Files\Diablo II\Diablo II.exe" = D:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction -- (Blizzard North)
"D:\Program Files\quake2.exe" = D:\Program Files\quake2.exe:*:Enabled:quake2 -- File not found
"D:\Program Files\quake2\quake2.exe" = D:\Program Files\quake2\quake2.exe:*:Enabled:quake2 -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"D:\Program Files\Combat Arms\CombatArms.exe" = D:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"D:\Program Files\Combat Arms\Engine.exe" = D:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"D:\Program Files\Combat Arms\NMService.exe" = D:\Program Files\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Program Files\Battleship\BattleshipSA.exe" = D:\Program Files\Battleship\BattleshipSA.exe:*:Enabled: Battleship -- File not found
"H:\Program Files\quake3.exe" = H:\Program Files\quake3.exe:*:Enabled:quake3 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"!Easy ScreenSaver Station" = !Easy ScreenSaver Station
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02548730-180A-487e-A726-A75CB6650AF7}" = D1400
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{22F358CE-610B-A033-0D36-4FADA6E8F67A}" = Skins
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{255F566C-3F57-15AD-2CA5-E7EA41F9904F}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 11
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4287A29F-EA4C-24E4-4AAE-3E6CDC9C965A}" = CCC Help English
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4FEEDAA3-0D0C-7584-63F2-0F216D3426C9}" = ccc-core-preinstall
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{80AE66E6-E9FA-0CAC-C9F1-4E5A144886F0}" = Catalyst Control Center Graphics Full New
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D6EC7D6-E71D-8743-1396-591F4195F347}" = Catalyst Control Center Graphics Light
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FD697DD-C94F-22BE-6EFD-AA4CA7CF2B33}" = ccc-core-static
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBB19C0-1FE1-4A4E-B25F-C9E1B0497EC5}" = Shaiya(US)
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B38C3184-F573-CDC2-9452-FA9C576AB010}" = ccc-utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C7B4E1B8-07EF-4648-99BC-CCA2E637F13A}" = Bratz ™
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB6901C6-E8B7-F5F0-F0C6-9028AFCD5A74}" = Catalyst Control Center Graphics Previews Common
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E068CD0F-E631-17E7-9A01-05C2B2B54C84}" = Catalyst Control Center Core Implementation
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EFE673F6-688A-42ed-9C6C-9DD8CF5A9B89}" = D1400_Help
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"3D Maker by Lokas Software" = 3D Maker by Lokas Software
"3D Shadow by Lokas Software" = 3D Shadow by Lokas Software
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"AlphaPlugins Ornament v 1.3. for Adobe After Effects_is1" = AlphaPlugins Ornament 1.3 for Adobe After Effects
"AlphaPlugins RedEyes for Adobe Photoshop_is1" = AlphaPlugins RedEyes
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Toolbar" = AOL Toolbar 2.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Artistic Effects by Lokas Software" = Artistic Effects by Lokas Software
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Avenue Flo_is1" = Avenue Flo
"Build-a-lot 4 Power Source_is1" = Build-a-lot 4 Power Source
"Burger Shop 2_is1" = Burger Shop 2
"Can You See What I See_is1" = Can You See What I See
"CCleaner" = CCleaner
"Coconut Queen_is1" = Coconut Queen
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Core FTP LE 2.1" = Core FTP LE 2.1
"DeleteProdRunControl_US" = IBM ViaVoice Command and Control Runtime 5.3
"Diablo" = Diablo
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"GameHouse" = GameHouse
"Gourmania_is1" = Gourmania
"Harry's Filters_is1" = Harry's Filters 3.01
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"Kelly Green Garden Queen_is1" = Kelly Green Garden Queen
"Kitty Luv_is1" = Kitty Luv
"Little Ink Pot's Xpose Plugin_is1" = Xpose Plugin v 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"Pet Shop Hop_is1" = Pet Shop Hop
"RCA Detective™_is1" = RCA Detective™ 2.0.0.99
"RCA easyRip_is1" = RCA easyRip 2.1.6.0
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"Spyware Doctor" = Spyware Doctor 6.1
"ST6UNST #1" = Hero Editor V0.96
"Tourist Trap_is1" = Tourist Trap
"Tumblebugs 2_is1" = Tumblebugs 2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual City_is1" = Virtual City
"virtualStudio_is1" = virtualStudio 1.0.38
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Diablo" = Diablo

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 3/17/2009 12:41:45 AM | Computer Name = SATAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
A:\MVC-588F.JPG failed, 0000A420.

Error - 3/17/2009 12:55:57 AM | Computer Name = SATAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
A:\MVC-009S.JPG failed, 0000A420.

Error - 3/17/2009 12:56:05 AM | Computer Name = SATAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
A:\MVC-009S.JPG failed, 0000A420.

Error - 3/17/2009 1:05:40 AM | Computer Name = SATAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
A:\Cartoon.EXE failed, 0000001E.

Error - 6/15/2009 2:19:59 AM | Computer Name = SATAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://rs646l34.rapidshare.com/files/21636..._1_CD_1.nrg.001
failed, 00000084.

Error - 11/8/2009 6:54:55 PM | Computer Name = SATAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://ads.pointroll.com/PortalServe/?pid=...mp;pos=x&do
failed, 0000A413.

Error - 11/13/2009 7:40:34 PM | Computer Name = SATAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://159.webim0302.webim.myspace.com/api/v1/events.json failed, 0000A413.

Error - 11/13/2009 7:40:45 PM | Computer Name = SATAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://494.webim0302.webim.myspace.com/api/v1/events.json failed, 0000A413.

Error - 11/14/2009 7:05:30 PM | Computer Name = SATAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.youtube.com/get_video_info?&...Ephp%3Ft%3D8878
failed, 0000A413.

Error - 11/15/2009 9:17:21 PM | Computer Name = SATAN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://308.webim0161.webim.myspace.com/api/v1/events.json failed, 0000A413.

[ Application Events ]
Error - 8/8/2009 9:15:22 PM | Computer Name = SATAN | Source = Application Hang | ID = 1002
Description = Hanging application launcher.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2009 9:15:22 PM | Computer Name = SATAN | Source = Application Hang | ID = 1002
Description = Hanging application launcher.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2009 9:15:22 PM | Computer Name = SATAN | Source = Application Hang | ID = 1002
Description = Hanging application launcher.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2009 9:15:23 PM | Computer Name = SATAN | Source = Application Hang | ID = 1002
Description = Hanging application launcher.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2009 9:15:23 PM | Computer Name = SATAN | Source = Application Hang | ID = 1002
Description = Hanging application launcher.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2009 9:15:59 PM | Computer Name = SATAN | Source = Application Hang | ID = 1002
Description = Hanging application launcher.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2009 9:23:20 PM | Computer Name = SATAN | Source = Application Hang | ID = 1002
Description = Hanging application launcher.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2009 9:24:18 PM | Computer Name = SATAN | Source = Application Hang | ID = 1002
Description = Hanging application launcher.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/19/2009 12:53:28 PM | Computer Name = SATAN | Source = Application Error | ID = 1000
Description = Faulting application unpacked.exe, version 1.0.0.1, faulting module
unpacked.exe, version 1.0.0.1, fault address 0x001506d2.

Error - 8/20/2009 8:39:32 PM | Computer Name = SATAN | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/30/2010 11:52:31 AM | Computer Name = SATAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 1/31/2010 7:40:03 PM | Computer Name = SATAN | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/31/2010 7:40:08 PM | Computer Name = SATAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 1/31/2010 10:07:58 PM | Computer Name = SATAN | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/31/2010 10:08:04 PM | Computer Name = SATAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 1/31/2010 11:35:51 PM | Computer Name = SATAN | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 2/1/2010 8:07:41 AM | Computer Name = SATAN | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 2/1/2010 8:07:47 AM | Computer Name = SATAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 2/1/2010 6:24:10 PM | Computer Name = SATAN | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 2/1/2010 6:24:15 PM | Computer Name = SATAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd


< End of report >


#9 Rheanun


Posted 02 February 2010 - 11:26 PM

Hello again, so sorry but I am not sure if I got both logs copied. Please tell me if I need to run again.

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:47 PM

Posted 03 February 2010 - 01:41 PM

Hi,


Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed, from what we know, in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.




Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 18...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt




Also please post back with a fresh OTL logfile.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
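A way to confirm from a fresh OTL log that the Java cleanup described in the post above took effect, as an added example that is not part of schrauber's post or of OTL itself. It reads only the Uninstall sections (the firewall list uses the same `"key" = value` shape and must not be mixed in) and compares each Java entry with 6 Update 18, the version named in the post; the function names, the two all-zero GUID entries and the sample log are constructed for illustration.

```python
import re

# "[HKEY_...\Uninstall]" style section headers in an OTL "Extras" log.
SECTION_RE = re.compile(r'^\[(?P<path>HKEY_[^\]]+)\]\s*$')
# One list entry: "<registry key name>" = <display name>
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
# Any Java-related display name (does not match "JavaScript").
JAVA_RE = re.compile(r'\b(?:Java|J2SE)\b')
# Sun's "Java(TM) <major> Update <n>" naming; a missing update counts as 0.
VERSION_RE = re.compile(
    r'\bJava\S*\s+(?P<major>\d+)(?:\s+Update\s+(?P<update>\d+))?\s*$')

# Constructed sample: lines in the format of the log on this page, plus two
# made-up entries (all-zero GUIDs) to show the "current" and "review" cases.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{00000000-0000-0000-0000-000000000001}" = Java(TM) 6 Update 18
"{00000000-0000-0000-0000-000000000002}" = Java Auto Updater
"ViewpointMediaPlayer" = Viewpoint Media Player
'''


def parse_uninstall_entries(log_text):
    """Return (key, display_name) pairs found inside Uninstall sections only."""
    entries = []
    in_uninstall = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            path = header.group('path').lower()
            in_uninstall = path.endswith('\\currentversion\\uninstall')
            continue
        if line.startswith('====='):
            # A banner line starts a new report section.
            in_uninstall = False
            continue
        match = ENTRY_RE.match(line) if in_uninstall else None
        if match:
            entries.append((match.group('key'), match.group('name')))
    return entries


def java_findings(entries, minimum=(6, 18)):
    """Classify Java entries as 'outdated', 'current' or 'review'.

    'review' means the name mentions Java but carries no parseable
    version, so a person has to look at it.
    """
    findings = []
    for _key, name in entries:
        if not JAVA_RE.search(name):
            continue
        match = VERSION_RE.search(name)
        if match is None:
            findings.append((name, None, 'review'))
            continue
        version = (int(match.group('major')), int(match.group('update') or 0))
        status = 'outdated' if version < minimum else 'current'
        findings.append((name, version, status))
    return findings


if __name__ == '__main__':
    for name, version, status in java_findings(parse_uninstall_entries(SAMPLE_LOG)):
        print(f'{status:9} {name}')
```

Any entry still reported as `outdated` after the reboot means an old runtime is still registered and the removal step needs repeating for it.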

#11 Rheanun


Posted 03 February 2010 - 05:33 PM

Ok here is the log for the virus scan. I didn't remove anything yet since you didn't say to have them remove anything. I just had them find stuff and then copy the log. So I will go back and remove when you say.......................

C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AED virus
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GameVance8.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\Princess of the bean\Local Settings\Temp\jar_cache3542050374919704465.tmp OSX/Exploit.Smid.B trojan

I will post a new OTL file after I hear back from you. Thanks!

#12 schrauber


Posted 04 February 2010 - 03:51 PM

Remove these and post the fresh OTL log please
regards,
schrauber


#13 Rheanun


Posted 05 February 2010 - 03:14 AM

OTL logfile created on: 2/5/2010 12:40:41 AM - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Princess of the bean\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 580.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.29 Gb Total Space | 4.75 Gb Free Space | 33.23% Space Free | Partition Type: NTFS
Drive D: | 19.10 Gb Total Space | 13.12 Gb Free Space | 68.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 19.53 Gb Total Space | 16.41 Gb Free Space | 84.02% Space Free | Partition Type: NTFS
Drive G: | 48.83 Gb Total Space | 30.91 Gb Free Space | 63.30% Space Free | Partition Type: NTFS
Drive H: | 46.13 Gb Total Space | 37.61 Gb Free Space | 81.54% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SATAN
Current User Name: Princess of the bean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/03 12:27:59 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/02/02 14:12:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Princess of the bean\Desktop\OTL.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/11/24 16:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/30 14:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/09/23 19:04:49 | 000,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/06/24 11:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1225088068\ee\aolsoftware.exe
PRC - [2008/06/02 22:36:06 | 000,039,264 | ---- | M] (AOL, LLC.) -- D:\Program Files\AOL 9.1\waol.exe
PRC - [2008/06/02 22:36:05 | 000,054,624 | ---- | M] (AOL, LLC.) -- D:\Program Files\AOL 9.1\shellmon.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 05:00:00 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/02/02 14:12:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Princess of the bean\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2010/02/03 12:27:59 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/21 22:04:00 | 001,028,432 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/22 22:44:48 | 001,097,096 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/09/23 21:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/09/23 19:04:49 | 000,581,632 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {6ad56361-628f-471b-8f9d-4c338973a87d}:5.27.1.1
FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 21:12:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/05 18:04:00 | 000,000,000 | ---D | M]

[2008/10/26 17:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Mozilla\Extensions
[2010/02/04 16:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Mozilla\Firefox\Profiles\mlzovv07.default\extensions
[2009/04/23 14:29:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Princess of the bean\Application Data\Mozilla\Firefox\Profiles\mlzovv07.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/28 14:53:14 | 000,000,000 | ---D | M] (AOL Radio Toolbar) -- C:\Documents and Settings\Princess of the bean\Application Data\Mozilla\Firefox\Profiles\mlzovv07.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
[2009/04/09 14:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Mozilla\Firefox\Profiles\mlzovv07.default\extensions\chachaguidebar@chacha.com
[2009/01/20 09:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Mozilla\Firefox\Profiles\mlzovv07.default\extensions\moveplayer@movenetworks.com
[2010/02/04 16:46:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/23 21:49:56 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/06/02 22:35:57 | 000,002,275 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\aolsearch.xml

O1 HOSTS File: ([2010/01/20 20:51:12 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1225088068\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AOL Fast Start] D:\Program Files\AOL 9.1\aol.exe (AOL, LLC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\Princess of the bean\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1232483351421 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 192.168.1.1 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: F:\screensavers\wallpapper\100_1341.bmp
O24 - Desktop BackupWallPaper: F:\screensavers\wallpapper\100_1341.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/26 15:50:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{278578f0-ad3a-11dd-b46a-00038a000015}\Shell\AutoRun\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{278578f0-ad3a-11dd-b46a-00038a000015}\Shell\install\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{278578f0-ad3a-11dd-b46a-00038a000015}\Shell\usermanualEnglish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{278578f0-ad3a-11dd-b46a-00038a000015}\Shell\usermanualFrench\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{278578f0-ad3a-11dd-b46a-00038a000015}\Shell\usermanualSpanish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{54ae3eab-5e99-11de-a064-00038a000015}\Shell\AutoRun\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{54ae3eab-5e99-11de-a064-00038a000015}\Shell\install\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{54ae3eab-5e99-11de-a064-00038a000015}\Shell\usermanualEnglish\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{54ae3eab-5e99-11de-a064-00038a000015}\Shell\usermanualFrench\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{54ae3eab-5e99-11de-a064-00038a000015}\Shell\usermanualSpanish\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f307fc6-cfc2-11dd-b4bd-00038a000015}\Shell\AutoRun\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f307fc6-cfc2-11dd-b4bd-00038a000015}\Shell\install\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f307fc6-cfc2-11dd-b4bd-00038a000015}\Shell\usermanualEnglish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f307fc6-cfc2-11dd-b4bd-00038a000015}\Shell\usermanualFrench\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f307fc6-cfc2-11dd-b4bd-00038a000015}\Shell\usermanualSpanish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{ebc19504-4bcc-11de-a04c-00038a000015}\Shell\Auto\command - "" = G:\Start.exe -- File not found
O33 - MountPoints2\{ebc19504-4bcc-11de-a04c-00038a000015}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/01/18 12:10:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/03 12:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/03 12:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/03 12:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/02 14:12:29 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Princess of the bean\Desktop\OTL.exe
[2010/01/31 20:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Princess of the bean\Desktop\New Folder
[2010/01/30 09:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\iwin
[2010/01/30 02:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Hijackthis
[2010/01/29 20:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Princess of the bean\Application Data\Nikon
[2010/01/29 19:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/01/29 19:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2010/01/29 19:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/01/29 19:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/01/29 19:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/01/27 18:49:59 | 000,118,784 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2010/01/27 00:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Princess of the bean\Desktop\picstosendmom
[2010/01/27 00:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Princess of the bean\My Documents\img019
[2010/01/26 23:38:30 | 000,167,936 | ---- | C] (Maxim Chernousov, AlphaPlugins, admin@alphaplugins.com) -- C:\WINDOWS\System32\Engine3D021206.dll
[2010/01/25 18:43:59 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2010/01/25 18:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010/01/24 19:26:16 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2010/01/22 18:52:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Princess of the bean\Recent
[2008/10/26 16:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/26 15:54:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/10/26 15:54:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/10/26 15:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/11/24 12:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/05 00:38:59 | 000,001,179 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/04 23:00:22 | 013,369,344 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\ntuser.dat
[2010/02/04 22:04:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/03 20:05:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/03 20:04:42 | 000,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/02/03 20:04:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/03 12:37:41 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\esetsmartinstaller_enu.exe
[2010/02/03 12:20:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Princess of the bean\ntuser.ini
[2010/02/02 22:38:28 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/02 22:35:48 | 003,178,132 | -H-- | M] () -- C:\Documents and Settings\Princess of the bean\Local Settings\Application Data\IconCache.db
[2010/02/02 14:12:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Princess of the bean\Desktop\OTL.exe
[2010/02/02 01:55:22 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\HRS.118_www.warez-arena.net.part1.rar
[2010/02/02 01:49:23 | 071,366,729 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\HRS.118_www.warez-arena.net.part2.rar
[2010/02/02 01:32:30 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\HRS.117_www.warez-arena.net.part1.rar
[2010/02/02 01:26:10 | 069,781,657 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\HRS.117_www.warez-arena.net.part2.rar
[2010/01/31 20:33:04 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/31 20:30:36 | 003,268,608 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/01/31 20:30:35 | 001,629,184 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/01/31 20:27:21 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/01/29 19:57:30 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nikon Transfer.lnk
[2010/01/29 19:56:08 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\ColorSync
[2010/01/29 19:56:08 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Princess of the bean\Application Data\Classical
[2010/01/29 19:56:08 | 000,000,012 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Common
[2010/01/27 18:50:28 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to Diablo.exe.lnk
[2010/01/27 18:50:00 | 000,005,766 | ---- | M] () -- C:\WINDOWS\DiabUnin.dat
[2010/01/27 18:49:59 | 000,118,784 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2010/01/27 18:49:59 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DiabUnin.pif
[2010/01/27 00:38:36 | 004,068,238 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\My Documents\img019.zip
[2010/01/26 23:39:32 | 000,000,011 | ---- | M] () -- C:\WINDOWS\3DShadow.INI
[2010/01/26 23:08:16 | 000,044,544 | ---- | M] () -- C:\WINDOWS\AWuninstall.exe
[2010/01/26 14:22:02 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/01/25 18:43:29 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
[2010/01/24 21:45:03 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut (2) to age3.exe.lnk
[2010/01/24 19:26:12 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/24 19:26:12 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/24 19:14:16 | 000,256,000 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Start Menu\Programs\Startup\PowerReg Scheduler.exe
[2010/01/24 19:05:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2010/01/24 19:03:48 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Bratz ™.lnk
[2010/01/22 18:45:44 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to BOS.exe.lnk
[2010/01/22 18:41:42 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to quake2.exe.lnk
[2010/01/22 17:11:27 | 000,000,477 | ---- | M] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to quake3.exe.lnk
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/03 12:37:10 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\esetsmartinstaller_enu.exe
[2010/01/29 19:57:30 | 000,001,627 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nikon Transfer.lnk
[2010/01/29 19:56:08 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\ColorSync
[2010/01/29 19:56:08 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Princess of the bean\Application Data\Classical
[2010/01/29 19:56:08 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/01/29 19:56:08 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Common
[2010/01/28 02:26:32 | 366,458,880 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Heroes.S01E16.DVDRip.XviD-TOPAZ.avi
[2010/01/27 18:50:28 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to Diablo.exe.lnk
[2010/01/27 18:49:59 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DiabUnin.pif
[2010/01/27 18:49:53 | 000,005,766 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2010/01/27 00:38:05 | 004,068,238 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\My Documents\img019.zip
[2010/01/25 18:43:29 | 000,001,792 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
[2010/01/24 21:45:03 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut (2) to age3.exe.lnk
[2010/01/24 19:26:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/01/24 19:26:08 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2010/01/24 19:14:14 | 000,256,000 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Start Menu\Programs\Startup\PowerReg Scheduler.exe
[2010/01/24 19:05:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/01/24 19:03:48 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Bratz ™.lnk
[2010/01/22 18:45:44 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to BOS.exe.lnk
[2010/01/22 18:41:42 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to quake2.exe.lnk
[2010/01/22 17:01:45 | 000,000,477 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Desktop\Shortcut to quake3.exe.lnk
[2010/01/03 00:48:28 | 000,000,004 | ---- | C] () -- C:\WINDOWS\win32t4.dll
[2009/11/22 18:03:35 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/28 13:30:15 | 000,000,427 | ---- | C] () -- C:\WINDOWS\Buildalot4.ini
[2009/10/20 05:49:36 | 000,000,011 | ---- | C] () -- C:\WINDOWS\3DShadow.INI
[2009/09/19 13:18:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2009/08/05 08:45:36 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/08/05 08:45:35 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/07/01 14:48:41 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\VERMONT1.DLL
[2009/07/01 14:48:41 | 000,012,416 | ---- | C] () -- C:\WINDOWS\System32\VRX1.DLL
[2009/05/30 22:52:25 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/02 13:20:49 | 000,000,048 | ---- | C] () -- C:\WINDOWS\dmi.ini
[2009/04/02 13:20:48 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/04/02 12:59:03 | 000,000,490 | ---- | C] () -- C:\WINDOWS\SStylerPro.ini
[2009/03/26 16:16:12 | 000,070,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/03/19 23:06:04 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2009/03/16 22:03:36 | 000,009,472 | ---- | C] () -- C:\WINDOWS\unsqz.dll
[2009/03/16 22:03:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\@loha.ini
[2009/03/06 01:29:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Transmogrifier.INI
[2009/02/09 00:23:45 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/01/09 19:22:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/12/11 20:17:06 | 000,007,203 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/11/21 15:06:00 | 000,000,727 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/01 13:06:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/10/26 22:11:49 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Princess of the bean\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/26 17:22:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2008/07/05 04:14:48 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/07/05 04:14:44 | 003,591,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/07/05 04:13:16 | 000,708,096 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/06/22 10:34:00 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/06/13 04:39:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/06/12 11:36:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/07/10 09:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004/10/03 10:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 05:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/03 17:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2001/08/23 12:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== LOP Check ==========

[2009/11/22 19:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/01/03 01:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/01/02 23:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2008/10/27 13:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010/01/03 23:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/08/03 16:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2010/01/03 03:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Crenetic
[2009/07/10 20:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CupcakeCafe
[2009/02/27 14:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2010/01/29 19:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/09/05 14:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2009/10/03 15:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/01/03 02:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2009/11/03 04:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/01/09 13:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameBlend
[2009/06/11 00:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/07/29 09:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2010/01/09 12:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/01/03 13:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2009/11/11 22:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009/10/03 15:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2009/10/29 11:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin_generic
[2009/02/10 01:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lifetime
[2010/01/08 11:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/01/03 03:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2009/06/26 13:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/02/10 02:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/12/17 00:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/09/24 17:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/01/29 19:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/12/18 23:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2010/01/08 22:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/09/23 21:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/10/20 05:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redfield
[2009/10/07 23:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/12/24 15:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/01/20 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/22 01:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2009/06/27 00:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2010/01/29 19:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/01/06 14:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ValuSoft
[2009/10/03 15:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/10/09 18:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/07 21:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/09/17 22:01:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/06/27 01:05:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Princess of the bean\Application Data\.#
[2009/03/27 00:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\AGD plugin
[2009/11/24 22:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Alawar
[2010/01/08 11:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Amaranth Games
[2008/12/16 08:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Ashampoo
[2010/01/03 23:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\blg
[2009/03/12 14:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Boolat Games
[2009/02/27 14:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Boomzap
[2009/08/03 16:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\CasualForge
[2008/10/27 16:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\CoreFTP
[2008/10/29 13:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\DAEMON Tools
[2009/11/15 01:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\DNA
[2010/01/04 01:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\EleFun Games
[2010/01/09 13:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\GameBlend
[2009/02/10 01:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\GameHouse
[2010/01/08 11:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Gamelab
[2009/08/05 09:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Games
[2009/09/04 19:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\GetRightToGo
[2010/01/03 02:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Got Game Entertainment
[2009/10/03 15:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\iWin
[2009/10/29 11:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\iWin_generic
[2008/12/28 13:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Leadertech
[2010/01/08 11:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Ludia
[2010/01/03 03:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Mean Hamster
[2010/01/14 12:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\NevoSoft Games
[2010/01/29 20:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Nikon
[2008/12/18 23:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Oberon Games
[2009/02/04 14:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\OpenOffice.org
[2010/01/08 22:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\PlayFirst
[2009/03/12 14:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Playrix Entertainment
[2010/01/09 12:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Pogo Games
[2009/07/17 13:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Reflexive JanesZOO
[2009/04/01 21:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Shape games
[2009/08/24 14:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Skinux
[2009/05/13 00:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Sony
[2008/12/24 15:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Sony Setup
[2009/10/03 15:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Sudden Games LLC
[2009/12/01 15:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Thinstall
[2009/04/22 01:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\TikGames
[2009/06/27 00:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\UClick
[2010/01/06 14:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\ValuSoft
[2010/01/03 03:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\ViquaSoft
[2010/01/05 06:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Virtual City
[2010/01/08 11:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\Wildfire
[2009/10/07 13:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Princess of the bean\Application Data\YoudaGames
[2010/02/04 22:04:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/01/26 14:22:02 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/10/26 23:17:09 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: AHCIX86.SYS >
[2008/03/07 18:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-10_xp32_dd_ccc_wdm_enu_69561\SBDrv\RAID7xx\x86\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIASRAID.SYS >
[2003/10/31 11:22:00 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\WINDOWS\system32\drivers\viasraid.sys

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAD001CC
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B51CAAE
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375FC7E7
< End of report >


#14 schrauber

  • Malware Response Team
  • 24,794 posts

Posted 05 February 2010 - 01:47 PM

How is it running now? :)
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#15 Rheanun

  • Topic Starter

  • Members
  • 84 posts

Posted 05 February 2010 - 08:35 PM

Everything seems to be running just fine. Thanks so much, I was so paranoid after I got that virus. That is one of the rotten ones for sure. You guys are the best on here. This is the first place I come anytime my pc is in trouble. Thanks again and keep up the great work!!



