Hi Tom,
Thanks a lot for your help. I'll be posting the logs you asked for in the same order you gave. I didn't have an option to export the ESET log as you instructed, though, so I'm going to put the one from C:\Program Files\ESET\ESET Online Scanner\log.txt.
Also, ComboFix crashed the computer when I ran the script into it the first time (blue screen for a couple of seconds, then it restarted on its own). The second time it went fine.
ComboFix log:
ComboFix 10-02-20.04 - Xaelya 02/21/2010 10:56:14.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2826 [GMT -5:00]
Running from: c:\documents and settings\Xaelya\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Xaelya\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.
2010-02-17 02:48 . 2005-08-26 00:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-02-17 02:48 . 2010-02-17 02:51 -------- d-----w- c:\program files\SpywareBlaster
2010-02-17 02:08 . 2010-02-17 02:08 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-02-17 02:08 . 2010-02-17 02:08 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-02-17 02:07 . 2010-02-17 02:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-17 02:07 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-17 01:29 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-17 01:26 . 2010-02-17 01:26 503808 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61362516-n\msvcp71.dll
2010-02-17 01:26 . 2010-02-17 01:26 499712 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61362516-n\jmc.dll
2010-02-17 01:26 . 2010-02-17 01:26 348160 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61362516-n\msvcr71.dll
2010-02-17 01:26 . 2010-02-17 01:26 61440 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71a749c3-n\decora-sse.dll
2010-02-17 01:26 . 2010-02-17 01:26 12800 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71a749c3-n\decora-d3d.dll
2010-02-17 01:13 . 2010-02-17 01:13 52224 ----a-w- c:\documents and settings\Xaelya\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-17 01:13 . 2010-02-17 01:13 117760 ----a-w- c:\documents and settings\Xaelya\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-17 01:13 . 2010-02-17 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-17 01:12 . 2010-02-17 01:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-17 01:12 . 2010-02-17 01:12 -------- d-----w- c:\documents and settings\Xaelya\Application Data\SUPERAntiSpyware.com
2010-02-17 00:01 . 2010-02-17 00:01 -------- d-----w- C:\VundoFix Backups
2010-02-03 14:46 . 2010-02-03 14:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-03 04:32 . 2010-02-03 04:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-24 22:58 . 2010-01-24 22:58 -------- d-----w- c:\program files\Funcom
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 15:47 . 2009-01-27 00:02 256 ----a-w- c:\windows\system32\pool.bin
2010-02-21 15:46 . 2009-04-11 23:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-17 17:52 . 2009-02-09 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-17 02:07 . 2009-02-09 00:49 -------- d-----w- c:\program files\Lavasoft
2010-02-17 01:37 . 2008-12-06 18:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-17 01:26 . 2008-12-06 22:31 -------- d-----w- c:\program files\Common Files\Java
2010-02-17 01:26 . 2008-12-06 22:31 -------- d-----w- c:\program files\Java
2010-02-17 01:12 . 2008-12-10 18:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-16 20:58 . 2008-12-06 19:12 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Skype
2010-02-16 13:01 . 2008-12-06 19:13 -------- d-----w- c:\documents and settings\Xaelya\Application Data\skypePM
2010-02-10 22:36 . 2008-12-09 23:57 1 ----a-w- c:\documents and settings\Xaelya\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 04:11 . 2009-11-10 21:27 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Move Networks
2010-02-04 18:54 . 2009-09-23 19:08 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 15:53 . 2009-02-09 00:51 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-04 02:55 . 2010-01-19 15:05 -------- d-----w- c:\program files\Entropia Universe
2010-02-03 04:32 . 2008-12-06 19:12 -------- d-----w- c:\program files\Google
2010-01-31 22:20 . 2008-12-06 19:19 -------- d-----w- c:\documents and settings\Xaelya\Application Data\SecondLife
2010-01-27 18:54 . 2009-07-01 13:03 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-21 02:27 . 2010-01-21 02:27 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Metaversum
2010-01-21 02:26 . 2010-01-21 02:26 -------- d-----w- c:\program files\Metaversum
2010-01-20 17:51 . 2010-01-20 02:56 -------- d-----w- c:\program files\Multiverse World Browser
2010-01-16 21:12 . 2010-01-16 21:12 -------- d-----w- c:\documents and settings\Xaelya\Application Data\MH GED
2010-01-16 21:06 . 2008-12-06 19:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 21:06 . 2010-01-16 21:06 -------- d-----w- c:\program files\McGraw Hill
2010-01-16 00:29 . 2010-01-03 21:26 -------- d-----w- c:\program files\Sudoku
2010-01-13 20:48 . 2009-09-30 19:04 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-13 03:22 . 2010-01-13 03:22 -------- d-----w- c:\program files\DivX
2010-01-13 03:22 . 2010-01-13 03:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-12 21:09 . 2009-04-12 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 21:08 . 2009-07-01 13:35 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-11 17:18 . 2009-08-17 13:33 -------- d-----w- c:\program files\Logitech
2010-01-09 02:35 . 2010-01-09 02:35 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Artogon
2010-01-09 02:35 . 2009-12-12 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-01-08 23:19 . 2010-01-08 23:18 -------- d-----w- c:\program files\Haunted Hotel
2010-01-08 23:16 . 2009-12-12 04:17 -------- d-----w- c:\program files\bfgclient
2010-01-08 22:36 . 2010-01-03 19:35 -------- d-----w- c:\program files\Mystery Case Files - Huntsville
2010-01-08 00:48 . 2010-01-03 19:30 -------- d-----w- c:\program files\Hidden Wonders of the Depths
2010-01-07 21:53 . 2009-12-12 04:23 -------- d-----w- c:\program files\Megaplex Madness - Now Playing
2010-01-07 21:07 . 2009-04-12 00:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-04-12 00:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 23:52 . 2010-01-03 21:33 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Big Fish Games
2010-01-06 04:47 . 2010-01-02 04:41 -------- d-----w- c:\documents and settings\Xaelya\Application Data\PlayFirst
2010-01-06 04:47 . 2010-01-02 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-01-05 10:00 . 2004-08-04 01:07 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 01:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 01:07 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-05 03:22 . 2010-01-05 03:22 -------- d-----w- c:\documents and settings\Xaelya\Application Data\blg
2010-01-05 03:22 . 2010-01-05 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2010-01-04 02:37 . 2010-01-03 21:32 -------- d-----w- c:\program files\Burger Rush
2010-01-03 21:27 . 2010-01-03 21:27 -------- d-----w- c:\program files\Mystic Inn
2010-01-03 21:26 . 2010-01-03 21:26 -------- d-----w- c:\program files\BFG
2010-01-03 21:26 . 2010-01-03 21:26 -------- d-----w- c:\documents and settings\Xaelya\Application Data\demo
2010-01-03 21:09 . 2010-01-03 21:08 -------- d-----w- c:\program files\Hidden Expedition_DevilsTriangle
2010-01-03 19:38 . 2010-01-03 19:38 -------- d-----w- c:\program files\Treasure Seekers - Visions of Gold
2010-01-03 19:35 . 2010-01-03 19:35 -------- d-----w- c:\program files\Mahjong Towers Eternity
2010-01-03 19:34 . 2010-01-03 19:34 -------- d-----w- c:\program files\Azada
2010-01-03 19:32 . 2010-01-03 19:32 -------- d-----w- c:\program files\Spa Mania
2010-01-02 01:49 . 2010-01-02 01:49 -------- d-----w- c:\program files\Hotel Dash - Suite Success
2009-12-31 16:50 . 2004-08-04 01:07 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:28 . 2009-12-31 16:27 -------- d-----w- c:\program files\Avenue Flo
2009-12-17 22:14 . 2008-12-10 18:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2008-12-06 19:38 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 01:07 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-04 01:07 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-07 17:50 . 2009-04-28 23:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:22 . 2004-08-04 01:07 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 22:53 . 2009-11-30 22:53 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-27 17:11 . 2004-08-04 01:07 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-04 01:07 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 01:07 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 01:07 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-26 22:02 . 2009-11-26 22:02 236160 ----a-w- c:\windows\EasyGifAnimator_Toolbar_Uninstaller_2375.exe
2009-09-02 15:48 . 2009-09-02 15:47 73 --sha-w- c:\windows\system32\SYSDRV004.SYS
.
((((((((((((((((((((((((((((( SnapShot_2010-02-17_01.44.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-21 15:46 . 2010-02-21 15:46 16384 c:\windows\Temp\Perflib_Perfdata_1d4.dat
+ 2004-08-04 01:07 . 2010-02-21 15:50 78318 c:\windows\system32\perfc009.dat
- 2004-08-04 01:07 . 2010-02-17 01:42 78318 c:\windows\system32\perfc009.dat
+ 2009-02-09 01:19 . 2010-02-17 02:08 15880 c:\windows\system32\lsdelete.exe
- 2009-02-09 01:19 . 2009-10-29 17:55 15880 c:\windows\system32\lsdelete.exe
- 2009-10-15 17:54 . 2009-09-23 12:55 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2009-10-15 17:54 . 2010-02-04 15:53 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2009-10-29 17:55 . 2010-02-17 02:08 95024 c:\windows\system32\drivers\SBREDrv.sys
- 2008-12-06 19:44 . 2010-02-16 20:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-06 19:44 . 2010-02-17 02:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-06 19:44 . 2010-02-17 02:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-06 19:44 . 2010-02-16 20:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-17 02:07 . 2010-02-17 02:07 29926 c:\windows\Installer\{338F08AB-C262-42C7-B000-34DE1A475273}\_6FEFF9B68218417F98F549.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2004-08-04 01:07 . 2010-02-21 15:51 462498 c:\windows\system32\perfh009.dat
- 2004-08-04 01:07 . 2010-02-17 01:42 462498 c:\windows\system32\perfh009.dat
+ 2010-02-17 02:07 . 2010-02-17 02:07 167424 c:\windows\Installer\1af13c.msi
+ 2010-02-17 02:07 . 2010-02-17 02:07 1859072 c:\windows\Installer\1af132.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-01-28 1413120]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"ASUS Energy Saving"="c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"nwiz"="nwiz.exe" [2008-11-12 1630208]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-02-17 815184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
c:\documents and settings\Xaelya\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-11-12 1447184]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Hippo_OpenSim_Viewer\\Hippo_OpenSim_Viewer.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Metaversum\\Twinity\\bin\\Twinity.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/8/2009 7:51 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/28/2009 6:38 PM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1229232]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [12/6/2008 4:05 AM 16128]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/6/2008 2:54 PM 38560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 11:32 PM 135664]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [12/6/2008 4:11 AM 13225]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2010-02-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 02:08]
2010-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 04:32]
2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {F6F31691-C6C1-4122-9B60-95975A5B74C2} = 137.118.1.32,137.118.1.33
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://aolsvc.aol.com/onlinegames/free-trial-fashion-dash/fashiondashweb.1.0.0.21.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dairy-dash/DairyDashWeb.1.0.0.16.cab
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier-2-secret-ingredients/Chocolatier2Web.1.0.0.14.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dress-shop-hop/DressShopHopWeb.1.0.0.9.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-02-21 11:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\nvLsp.dll
- - - - - - - > 'explorer.exe'(1956)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-21 11:01:28
ComboFix-quarantined-files.txt 2010-02-21 16:01
ComboFix2.txt 2010-02-21 15:24
ComboFix3.txt 2010-02-17 02:02
ComboFix4.txt 2010-02-17 01:45
ComboFix5.txt 2010-02-21 15:43
Pre-Run: 959,606,923,264 bytes free
Post-Run: 959,560,478,720 bytes free
- - End Of File - - 6F0A613D161C42B5EDFE173FE32D4712
Malwarebytes log:
Malwarebytes' Anti-Malware 1.44
Database version: 3770
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
2/21/2010 10:37:32 AM
mbam-log-2010-02-21 (10-37-32).txt
Scan type: Quick Scan
Objects scanned: 113269
Time elapsed: 1 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ESET Online Scan log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3c42895e9efb024ea65398bbbc9b93aa
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-21 05:11:18
# local_time=2010-02-21 12:11:18 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 36243033 36243033 0 0
# compatibility_mode=768 16777215 100 0 37267221 37267221 0 0
# compatibility_mode=1797 16775141 100 100 0 42266096 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=109145
# found=0
# cleaned=0
# scan_time=3821
OTL.txt log:
OTL logfile created on: 2/21/2010 2:24:31 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Xaelya\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 893.59 Gb Free Space | 95.93% Space Free | Partition Type: NTFS
Drive D: | 33.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-D60C9E255B
Current User Name: Xaelya
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/02/21 14:24:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xaelya\Desktop\OTL.exe
PRC - [2010/02/16 21:08:08 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/16 21:08:07 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/05 10:00:38 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/09 10:06:36 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/12 14:54:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/08 16:41:02 | 002,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/07 02:39:52 | 016,862,208 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2008/04/13 19:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/31 03:30:58 | 000,614,400 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe
PRC - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
PRC - [2008/01/07 13:28:02 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lycosa\razertra.exe
PRC - [2007/11/20 16:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Lycosa\razerhid.exe
PRC - [2007/08/01 14:07:06 | 000,147,456 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razerhid.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007/02/14 11:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Diamondback 3G\razerofa.exe
PRC - [2006/04/18 01:42:14 | 000,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2006/04/18 01:41:24 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2005/07/19 16:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 14:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 13:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/08/03 20:07:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
========== Modules (SafeList) ==========
MOD - [2010/02/21 14:24:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xaelya\Desktop\OTL.exe
MOD - [2009/11/21 10:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll
MOD - [2008/04/13 19:12:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/02/16 21:08:07 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/02 23:32:37 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/05 10:00:38 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/09 10:06:36 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/23 21:51:35 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/12 14:54:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () [Auto | Stopped] -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2007/08/16 08:56:16 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 08:56:14 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 08:56:10 | 001,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/24 05:14:08 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 05:14:06 | 000,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/04/18 01:42:14 | 000,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O1 HOSTS File: ([2009/02/08 20:36:10 | 000,292,138 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10060 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [ASUS Energy Saving] C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Xaelya\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} http://apps.vivaty.com/downloads/player/Vi...D%20Content.cab (Reg Error: Key error.)
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.21.cab (CPlayFirstFashionDasControl Object)
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.16.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1266370060343 (WUWebControl Class)
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab (CPlayFirstDoggieDashControl Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1266370053406 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.14.cab (CPlayFirstChocolatieControl Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} http://aolsvc.aol.com/onlinegames/free-tri...Web.1.0.0.9.cab (CPlayFirstDressShopHControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/06 14:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/25 11:22:51 | 000,000,043 | RH-- | M] () - D:\AutoRun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/12/06 09:25:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56016913389584384)
========== Files/Folders - Created Within 14 Days ==========
[2010/02/21 14:23:27 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Xaelya\Desktop\OTL.exe
[2010/02/21 11:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/21 10:55:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/02/21 10:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/02/17 12:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xaelya\Desktop\pics
[2010/02/16 23:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xaelya\My Documents\gmer
[2010/02/16 21:56:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Xaelya\Recent
[2010/02/16 21:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/02/16 21:07:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/16 21:07:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/16 20:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/16 20:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/16 20:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xaelya\Application Data\SUPERAntiSpyware.com
[2010/02/16 20:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/16 20:02:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/16 20:01:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/16 20:01:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/16 20:01:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/16 20:01:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/16 20:00:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/16 19:59:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/16 19:01:55 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/02/03 09:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/02 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/04/11 18:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/02/08 20:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/01/26 19:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/01/13 01:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/01/12 17:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/12/06 14:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/12/06 14:41:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/12/06 14:41:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/02/21 14:24:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xaelya\Desktop\OTL.exe
[2010/02/21 13:54:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/21 13:37:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/21 11:01:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/21 11:00:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/21 10:51:00 | 000,462,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/21 10:50:59 | 000,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/21 10:50:59 | 000,078,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/21 10:47:11 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/02/21 10:46:39 | 000,197,602 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/21 10:46:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/21 10:46:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/21 10:42:28 | 003,866,973 | R--- | M] () -- C:\Documents and Settings\Xaelya\Desktop\ComboFix.exe
[2010/02/20 19:32:42 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Xaelya\NTUSER.DAT
[2010/02/20 19:32:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Xaelya\ntuser.ini
[2010/02/20 12:00:04 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\66f5yjsv.exe
[2010/02/20 11:59:45 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\dds.scr
[2010/02/20 11:55:23 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/16 23:32:27 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\gmer.zip
[2010/02/16 21:48:02 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\SpywareBlaster.lnk
[2010/02/16 21:08:40 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/16 21:08:35 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/02/16 21:07:34 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/16 20:12:54 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/16 20:02:16 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/02/16 19:29:03 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\JavaRa.zip
[2010/02/16 17:14:30 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\CCleaner.lnk
[2010/02/16 16:04:33 | 000,000,251 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/15 17:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/15 13:53:10 | 000,133,396 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-5.jpg
[2010/02/15 13:49:00 | 000,133,060 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-4.jpg
[2010/02/15 13:44:01 | 000,134,119 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-3.jpg
[2010/02/15 13:03:10 | 000,132,765 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-2.jpg
[2010/02/14 17:09:37 | 000,124,603 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Xae ning pic1.jpg
[2010/02/14 17:04:43 | 001,215,176 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Xae ning pic_001.png
[2010/02/14 16:47:24 | 000,263,877 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_005.jpg
[2010/02/14 16:46:49 | 000,243,702 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_004.jpg
[2010/02/14 16:46:08 | 000,275,956 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_002.jpg
[2010/02/14 16:45:32 | 000,281,964 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_001.jpg
[2010/02/14 16:34:57 | 001,561,847 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_005.png
[2010/02/14 16:31:48 | 001,338,842 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_004.png
[2010/02/14 16:31:24 | 001,418,883 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_003.png
[2010/02/14 16:30:00 | 001,449,528 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_002.png
[2010/02/14 16:28:03 | 001,625,762 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_001.png
[2010/02/11 22:46:06 | 000,605,892 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_003.png
[2010/02/11 22:09:45 | 000,286,955 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_002.jpg
[2010/02/11 22:09:18 | 000,258,702 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_001.jpg
[2010/02/11 20:25:46 | 001,633,804 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_002.png
[2010/02/11 19:25:11 | 001,544,288 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_001.png
[2010/02/10 19:14:03 | 000,173,615 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\xae writing2.jpg
[2010/02/10 19:13:16 | 000,153,103 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\xae writing1.jpg
[2010/02/09 13:49:26 | 000,145,394 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia.jpg
[2010/02/09 13:48:55 | 000,024,035 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Picture 10.jpg
[2010/02/09 13:48:43 | 000,021,793 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Picture 8.jpg
[2010/02/09 13:34:12 | 000,039,882 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Picture 15.jpg
[2010/02/08 22:38:57 | 000,285,788 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_002.jpg
[2010/02/08 22:37:15 | 000,275,978 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_001-2.jpg
[2010/02/08 22:36:40 | 002,278,043 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_001-2.png
[2010/02/08 22:15:11 | 001,137,115 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_008.png
[2010/02/08 22:10:46 | 001,332,137 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_007.png
[2010/02/08 22:09:04 | 001,131,203 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_006.png
[2010/02/08 22:07:16 | 001,006,706 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_005.png
[2010/02/08 21:59:34 | 001,058,321 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_004.png
[2010/02/08 21:01:41 | 001,478,195 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_003.png
[2010/02/08 21:00:01 | 001,652,286 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_002.png
[2010/02/08 19:37:44 | 001,581,484 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_001.png
[2010/02/08 12:51:02 | 000,014,261 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\valley of the shadow.docx
[2010/02/08 00:09:17 | 000,227,911 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_002.jpg
[2010/02/08 00:08:31 | 000,255,677 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_001.jpg
[2010/02/07 23:46:59 | 001,079,913 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_002.png
[2010/02/07 23:37:09 | 001,451,794 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_001.png
[2010/02/07 19:24:38 | 001,101,277 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Bang meditating to the eebil spirits_001.png
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/02/20 12:00:02 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Xaelya\Desktop\66f5yjsv.exe
[2010/02/16 23:33:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Xaelya\Desktop\gmer.exe
[2010/02/16 23:32:24 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\gmer.zip
[2010/02/16 21:48:02 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Xaelya\Desktop\SpywareBlaster.lnk
[2010/02/16 21:07:34 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/16 20:12:54 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/16 20:02:16 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/02/16 20:02:13 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/16 20:01:28 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/16 20:01:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/16 20:01:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/16 20:01:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/16 20:01:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/16 19:35:38 | 003,866,973 | R--- | C] () -- C:\Documents and Settings\Xaelya\Desktop\ComboFix.exe
[2010/02/16 19:29:02 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Xaelya\Desktop\JavaRa.zip
[2010/02/16 16:04:32 | 000,000,251 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/15 13:53:07 | 000,133,396 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-5.jpg
[2010/02/15 13:48:58 | 000,133,060 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-4.jpg
[2010/02/15 13:42:41 | 000,134,119 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-3.jpg
[2010/02/15 12:59:44 | 000,132,765 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-2.jpg
[2010/02/14 17:09:23 | 000,124,603 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Xae ning pic1.jpg
[2010/02/14 17:04:43 | 001,215,176 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Xae ning pic_001.png
[2010/02/14 16:47:22 | 000,263,877 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_005.jpg
[2010/02/14 16:46:48 | 000,243,702 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_004.jpg
[2010/02/14 16:46:07 | 000,275,956 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_002.jpg
[2010/02/14 16:45:32 | 000,281,964 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_001.jpg
[2010/02/14 16:34:57 | 001,561,847 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_005.png
[2010/02/14 16:31:48 | 001,338,842 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_004.png
[2010/02/14 16:31:24 | 001,418,883 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_003.png
[2010/02/14 16:30:00 | 001,449,528 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_002.png
[2010/02/14 16:28:03 | 001,625,762 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_001.png
[2010/02/11 22:46:06 | 000,605,892 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_003.png
[2010/02/11 22:09:44 | 000,286,955 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_002.jpg
[2010/02/11 22:09:16 | 000,258,702 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_001.jpg
[2010/02/11 20:25:46 | 001,633,804 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_002.png
[2010/02/11 19:25:11 | 001,544,288 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_001.png
[2010/02/10 19:14:02 | 000,173,615 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\xae writing2.jpg
[2010/02/10 19:13:15 | 000,153,103 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\xae writing1.jpg
[2010/02/09 13:49:22 | 000,145,394 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia.jpg
[2010/02/09 13:48:54 | 000,024,035 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Picture 10.jpg
[2010/02/09 13:48:42 | 000,021,793 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Picture 8.jpg
[2010/02/09 13:34:10 | 000,039,882 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Picture 15.jpg
[2010/02/08 22:38:55 | 000,285,788 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_002.jpg
[2010/02/08 22:37:10 | 000,275,978 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_001-2.jpg
[2010/02/08 22:36:32 | 002,278,043 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_001-2.png
[2010/02/08 22:15:11 | 001,137,115 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_008.png
[2010/02/08 22:10:46 | 001,332,137 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_007.png
[2010/02/08 22:09:04 | 001,131,203 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_006.png
[2010/02/08 22:07:16 | 001,006,706 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_005.png
[2010/02/08 21:59:34 | 001,058,321 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_004.png
[2010/02/08 21:01:41 | 001,478,195 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_003.png
[2010/02/08 21:00:01 | 001,652,286 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_002.png
[2010/02/08 19:37:44 | 001,581,484 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_001.png
[2010/02/08 12:51:01 | 000,014,261 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\valley of the shadow.docx
[2010/02/08 00:09:09 | 000,227,911 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_002.jpg
[2010/02/08 00:08:28 | 000,255,677 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_001.jpg
[2010/02/07 23:46:59 | 001,079,913 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_002.png
[2010/02/07 23:37:09 | 001,451,794 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_001.png
[2010/02/07 19:24:38 | 001,101,277 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Bang meditating to the eebil spirits_001.png
[2009/11/26 19:45:33 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\libmng.dll
[2009/09/02 10:47:45 | 000,000,073 | -HS- | C] () -- C:\WINDOWS\System32\SYSDRV004.SYS
[2009/09/02 10:47:43 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Xaelya\Application Data\Karaoke-Sing-n-Burn.INI
[2009/09/02 10:47:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\SYSTMBXNDRV.SYS
[2009/08/17 08:34:26 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009/08/17 08:34:26 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/03/25 14:04:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/07 15:31:50 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/01/07 15:31:37 | 000,007,023 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/12/30 10:12:38 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Xaelya\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/18 08:43:15 | 000,000,092 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/12/18 08:43:14 | 000,000,441 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/12/18 08:42:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2008/12/18 08:42:44 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2008/12/06 15:01:12 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/12/06 15:01:12 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/12/06 15:01:09 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/12/06 15:01:09 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/12/06 14:47:14 | 000,037,017 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/12/06 14:46:41 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/12/06 14:46:34 | 000,036,059 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/12/06 14:46:34 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/12/06 14:10:26 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/06 14:10:25 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/12/06 14:10:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/06 14:10:24 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/06 14:10:24 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/06 14:10:23 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/06 14:10:23 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/27 00:18:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/27 00:18:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/07/27 00:18:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/27 00:18:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/27 00:18:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/03 20:07:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/03 20:07:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/03 20:07:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/03 20:07:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/03 20:07:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010/01/04 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/06/04 18:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/12/12 00:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2009/01/07 15:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2008/12/06 14:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/09/02 10:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/01/05 23:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/06 04:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Razer
[2010/02/21 10:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/06 03:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/12/06 03:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/16 17:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/02/16 21:07:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/11/30 18:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/17 17:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/01/08 21:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Artogon
[2009/08/28 15:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Auslogics
[2010/01/06 18:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Big Fish Games
[2009/11/10 20:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Blender Foundation
[2010/01/04 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\blg
[2010/01/03 16:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\demo
[2009/09/02 11:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Focus Mp3 Recorder
[2009/04/11 19:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\GetRightToGo
[2009/05/19 10:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Hippo_OpenSim_Viewer
[2009/01/07 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\MAGIX
[2010/01/20 21:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Metaversum
[2010/01/16 16:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\MH GED
[2008/12/09 18:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\OpenOffice.org
[2010/01/05 23:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\PlayFirst
[2009/01/26 19:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Research In Motion
[2010/01/31 17:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\SecondLife
[2008/12/06 13:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Windows Desktop Search
[2009/01/08 09:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Windows Search
[2010/02/21 13:54:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/03 20:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/06 12:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/06 12:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/03 20:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/06 12:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/06 12:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:07:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 20:07:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 20:07:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/03 20:07:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 246 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0762150
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8247A199
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:639F0420
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
Extra.txt log:
OTL Extras logfile created on: 2/21/2010 2:24:31 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Xaelya\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 893.59 Gb Free Space | 95.93% Space Free | Partition Type: NTFS
Drive D: | 33.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-D60C9E255B
Current User Name: Xaelya
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 -- (Sonic Solutions)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Program Files\SecondLifeReleaseCandidate\SLVoice.exe" = C:\Program Files\SecondLifeReleaseCandidate\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Program Files\SecondLife\SecondLife.exe" = C:\Program Files\SecondLife\SecondLife.exe:*:Enabled:Second Life -- (Linden Lab)
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- (Sonic Solutions)
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 -- (Sonic Solutions)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Hippo_OpenSim_Viewer\Hippo_OpenSim_Viewer.exe" = C:\Program Files\Hippo_OpenSim_Viewer\Hippo_OpenSim_Viewer.exe:*:Enabled:Hippo OpenSim Viewer -- (Linden Lab)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Metaversum\Twinity\bin\Twinity.exe" = C:\Program Files\Metaversum\Twinity\bin\Twinity.exe:*:Enabled:Twinity -- (Metaversum)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A0F7DFF-6F13-458C-8EC3-5386E8C251C6}" = BlackBerry Device Software Updater
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 18
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{685C7EBA-82F4-44F8-9514-911A69850DA3}" = Express Gate
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{AF5A39FE-51FB-4BA3-B399-2D1F0C65D617}_is1" = AusLogics System Information
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F63A3F0E-BE83-43E4-A9A2-153E877A857C}" = McGraw-Hill's GED
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"593AFD5277FA19E67C70E56534B45B0DDD9ED9FE" = Windows Driver Package - Razer (HidUsb) HIDClass (01/11/2007 1.0)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AFD653D92C0CA9E8F375124D6A0B19FFBA89B1D2" = Windows Driver Package - Razer (Razerlow) HIDClass (03/07/2007 1.0.0.2)
"Anarchy Online_is1" = Anarchy Online
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFG-Avenue Flo" = Avenue Flo
"BFG-Azada" = Azada ®
"BFG-Burger Rush" = Burger Rush
"BFG-Burger Shop 2" = Burger Shop 2
"BFGC" = Big Fish Games: Game Manager
"BFG-Haunted Hotel" = Haunted Hotel
"BFG-Hidden Expedition - Devils Triangle" = Hidden Expedition ® - Devil's Triangle
"BFG-Hidden Expedition - Everest" = Hidden Expedition: Everest ™
"BFG-Hidden Wonders of the Depths" = Hidden Wonders of the Depths
"BFG-Hotel Dash - Suite Success" = Hotel Dash: Suite Success
"BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity
"BFG-Megaplex Madness - Now Playing" = Megaplex Madness: Now Playing ™
"BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville ™
"BFG-Mystic Inn" = Mystic Inn ™
"BFG-Spa Mania" = Spa Mania
"BFG-Treasure Seekers - Visions of Gold" = Treasure Seekers: Visions of Gold ™
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"BlackBerry_{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"Blender" = Blender (remove only)
"Burger Shop_is1" = Burger Shop
"CCleaner" = CCleaner
"Clickable Card" = Clickable Card
"EADM" = EA Download Manager
"Easy Gif Animator Extension" = Easy Gif Animator Extension
"Easy GIF Animator_is1" = Easy GIF Animator 5.02
"Entropia Universe10.6.4.39182" = Entropia Universe
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"GMG 4" = Gif Movie Gear 4
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{F63A3F0E-BE83-43E4-A9A2-153E877A857C}" = McGraw-Hill's GED
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.3.4
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoFiltre" = PhotoFiltre
"PhotoFiltre Studio" = PhotoFiltre Studio
"QcDrv" = Logitech® Camera Driver
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SecondLife" = SecondLife (remove only)
"SecondLifeReleaseCandidate" = SecondLifeReleaseCandidate (remove only)
"Sound Forge 5.0" = Sound Forge 5.0
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SystemRequirementsLab" = System Requirements Lab
"Twinity" = Twinity (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2/17/2010 12:54:08 AM | Computer Name = HOME-D60C9E255B | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 2/17/2010 11:38:27 AM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =
Error - 2/17/2010 12:37:31 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =
Error - 2/20/2010 1:37:05 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =
Error - 2/20/2010 2:37:21 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =
Error - 2/20/2010 3:37:05 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =
Error - 2/20/2010 4:37:05 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =
Error - 2/20/2010 5:37:05 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =
Error - 2/20/2010 6:37:05 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =
Error - 2/20/2010 7:37:05 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 2/16/2010 9:03:17 PM | Computer Name = HOME-D60C9E255B | Source = Service Control Manager | ID = 7034
Description = The ForceWare IP service service terminated unexpectedly. It has
done this 1 time(s).
Error - 2/16/2010 9:39:46 PM | Computer Name = HOME-D60C9E255B | Source = Service Control Manager | ID = 7034
Description = The ForceWare IP service service terminated unexpectedly. It has
done this 1 time(s).
Error - 2/20/2010 6:08:26 PM | Computer Name = HOME-D60C9E255B | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.
Error - 2/21/2010 11:18:46 AM | Computer Name = HOME-D60C9E255B | Source = Service Control Manager | ID = 7034
Description = The ForceWare IP service service terminated unexpectedly. It has
done this 1 time(s).
Error - 2/21/2010 11:47:24 AM | Computer Name = HOME-D60C9E255B | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 bac012a4, parameter2 000000ff, parameter3
00000008, parameter4 bac012a4.
Error - 2/21/2010 11:56:03 AM | Computer Name = HOME-D60C9E255B | Source = Service Control Manager | ID = 7034
Description = The ForceWare IP service service terminated unexpectedly. It has
done this 1 time(s).
< End of report >