Help assistant issues, lockups/blue screen of death


  • This topic is locked
8 replies to this topic

#1 Letha1

  • Members

Posted 19 February 2010 - 05:50 PM

So I've been having issues with the helpassistant trojan that makes a folder in your documents and settings, and I have the DDS logs, but the problem is my computer will lock or Blue Screen before I can finish the GMER logs; is there any way I can work around this or still get the scan done?

There have been 2 times now where I actually think I might get it done, so GMER will scan for 1-2+ hours, then, of course, I will crash or get locked up to no luck. Other times, I will lock/BSOD earlier than that, so it seems to be random as to when this happens.

Edit: Also, I end up deleting the helpassistant folder before it is finished copying all my data because I thought it might help keep at least some speed or extend the time my computer can stay up; should I do something else?


DDS Log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by XXXX XXXXXXX at 14:57:02.20 on Thu 02/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2673 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

J:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\Program Files\Windows Defender\MsMpEng.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
J:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Windows Defender\MSASCui.exe
J:\WINDOWS\RTHDCPL.EXE
J:\PROGRA~1\AVG\AVG8\avgtray.exe
J:\Program Files\Razer\Lachesis\razerhid.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Java\jre6\bin\jusched.exe
J:\WINDOWS\system32\RUNDLL32.EXE
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\Messenger\msmsgs.exe
J:\program files\steam\steam.exe
J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
J:\Program Files\Windows Desktop Search\WindowsSearch.exe
svchost.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
J:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
J:\Program Files\Bonjour\mDNSResponder.exe
J:\Program Files\Razer\Lachesis\OSD.exe
J:\PROGRA~1\AVG\AVG8\avgrsx.exe
J:\Program Files\Xfire\xfire.exe
J:\PROGRA~1\AVG\AVG8\avgnsx.exe
J:\Program Files\Java\jre6\bin\jqs.exe
J:\Program Files\Razer\Lachesis\razertra.exe
J:\Program Files\Razer\Lachesis\razerofa.exe
J:\WINDOWS\system32\PnkBstrA.exe
J:\WINDOWS\system32\PnkBstrB.exe
J:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
J:\WINDOWS\system32\SearchIndexer.exe
J:\PROGRA~1\AVG\AVG8\avgemc.exe
J:\Program Files\AVG\AVG8\avgcsrvx.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\WINDOWS\system32\wuauclt.exe
J:\Program Files\Mozilla Firefox\firefox.exe
J:\WINDOWS\system32\SearchProtocolHost.exe
J:\Documents and Settings\Kyle Sanders\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = comcast.net/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - j:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - j:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - j:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - j:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - j:\progra~1\spybot~1\SDHelper.dll
BHO: {6b547ae5-5382-41a8-a574-40e2719056fe} - j:\windows\system32\ljJDVoMf.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - j:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - j:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - j:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - j:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] j:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "j:\program files\messenger\msmsgs.exe" /background
uRun: [Steam] "j:\program files\steam\steam.exe" -silent
uRun: [SpybotSD TeaTimer] j:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [PlayNC Launcher]
mRun: [Windows Defender] "j:\program files\windows defender\MSASCui.exe" -hide
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG8_TRAY] j:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "j:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "j:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Lachesis] j:\program files\razer\lachesis\razerhid.exe
mRun: [iTunesHelper] "j:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "j:\program files\java\jre6\bin\jusched.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE j:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE j:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "j:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: j:\docume~1\kylesa~1\startm~1\programs\startup\regist~1.lnk - j:\program files\ubisoft\tom clancy's splinter cell double agent\support\register\Reg.exe
StartupFolder: j:\docume~1\kylesa~1\startm~1\programs\startup\vcastm~1.lnk - j:\program files\verizon wireless\v cast music essentials manager\V CAST Music Monitor.exe
StartupFolder: j:\docume~1\kylesa~1\startm~1\programs\startup\xfire.lnk - j:\program files\xfire\xfire.exe
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - j:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - j:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - j:\progra~1\spybot~1\SDHelper.dll
DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196013165796
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - j:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: efcDWPJb - efcDWPJb.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - j:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - j:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - j:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 j:\windows\system32\ljJDVoMf

================= FIREFOX ===================

FF - ProfilePath - j:\docume~1\kylesa~1\applic~1\mozilla\firefox\profiles\dtl1srm3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: j:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: j:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: j:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: j:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: j:\program files\mozilla firefox\plugins\NPplaynet.dll
FF - plugin: j:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: XUL Cache: {F1AA2D90-519B-4D8E-8190-6E103A4CB023} - j:\documents and settings\kyle sanders\local settings\application data\{F1AA2D90-519B-4D8E-8190-6E103A4CB023}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - j:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
j:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;j:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;j:\windows\system32\drivers\avgldx86.sys [2008-8-18 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;j:\windows\system32\drivers\avgmfx86.sys [2008-8-18 27784]
R1 AvgTdiX;AVG8 Network Redirector;j:\windows\system32\drivers\avgtdix.sys [2008-8-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;j:\progra~1\avg\avg8\avgemc.exe [2009-8-17 908056]
R2 avg8wd;AVG8 WatchDog;j:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-17 297752]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;j:\program files\webroot\webrootsecurity\SpySweeper.exe [2008-11-12 3667312]
R2 WinDefend;Windows Defender;j:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 WRConsumerService;Webroot Client Service;j:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-1-5 1086840]
R3 LachesisFltr;Lachesis Mouse Driver;j:\windows\system32\drivers\Lachesis.sys [2008-4-21 12032]
S3 MBAMSwissArmy;MBAMSwissArmy;j:\windows\system32\drivers\mbamswissarmy.sys [2010-2-17 38224]
S3 npggsvc;nProtect GameGuard Service;j:\windows\system32\gamemon.des -service --> j:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================


==================== Find3M ====================

2010-02-15 18:53:35 215128 ----a-w- j:\windows\system32\PnkBstrB.exe
2010-02-15 17:37:57 139128 ----a-w- j:\windows\system32\drivers\PnkBstrK.sys
2010-01-28 22:57:12 1984 ----a-w- j:\windows\system32\d3d9caps.dat
2010-01-28 22:40:24 138056 ----a-w- j:\docume~1\kylesa~1\applic~1\PnkBstrK.sys
2010-01-28 22:40:06 75064 ----a-w- j:\windows\system32\PnkBstrA.exe
2010-01-14 16:12:06 181120 ------w- j:\windows\system32\MpSigStub.exe
2010-01-12 04:03:33 6359168 ----a-w- j:\windows\system32\nv4_disp.dll
2010-01-12 04:03:33 10276768 ----a-w- j:\windows\system32\drivers\nv4_mini.sys
2010-01-12 03:17:44 278120 ----a-w- j:\windows\system32\nvmccs.dll
2010-01-12 03:17:44 154216 ----a-w- j:\windows\system32\nvsvc32.exe
2010-01-12 03:17:44 145000 ----a-w- j:\windows\system32\nvcolor.exe
2010-01-12 03:17:44 13666408 ----a-w- j:\windows\system32\nvcpl.dll
2010-01-12 03:17:44 110696 ----a-w- j:\windows\system32\nvmctray.dll
2010-01-12 03:17:40 81920 ----a-w- j:\windows\system32\nvwddi.dll
2009-12-31 16:50:03 353792 ----a-w- j:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- j:\windows\system32\wininet.dll
2009-12-20 01:54:00 98304 ----a-w- j:\windows\system32\CmdLineExt.dll
2009-12-16 18:43:27 343040 ----a-w- j:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- j:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ----a-w- j:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ----a-w- j:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- j:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- j:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- j:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- j:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- j:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- j:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- j:\windows\system32\msrle32.dll
2009-11-21 02:34:54 592488 ----a-w- j:\windows\system32\nvudisp.exe
2008-05-24 13:01:33 32768 --sha-w- j:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052420080525\index.dat
2009-01-02 00:12:43 16384 --sha-w- j:\windows\temp\cookies\index.dat
2009-01-02 00:12:43 16384 --sha-w- j:\windows\temp\history\history.ie5\index.dat
2009-01-02 00:12:43 32768 --sha-w- j:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 14:57:24.51 ===============



Edited by Letha1, 19 February 2010 - 05:52 PM.



 


#2 myrti

  • Malware Study Hall Admin

Posted 20 February 2010 - 02:08 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Letha1

  • Topic Starter
  • Members

Posted 20 February 2010 - 08:28 PM

Hey Myrti, my PC has been infected with this virus/trojan for the last few days. What little AV scans I have gotten done in trying to remove this have not worked; upon reboot the trojan returns by making another help assistant folder under documents and settings (it attempts to copy all my files into this folder for some reason). I always delete this folder after it appears though because I believe it extends the time my computer can run w/o a lockup or BSOD. I may have more than this, but I'm not sure. The constant lockups or BSOD or just overall slowness gets really annoying when trying to fix it. I should elaborate on the lockups though, it's not really a complete freeze most of the time, it just gets to the point of time where I can still move my mouse, but clicks do nothing, and my date/timestamp thing stops and I can no longer minimize or bring up programs on the taskbar etc. I also notice that sometimes my firewall bubble will say that it is disabled for a short time before coming back online at reboot.

OTL logfile created on: 2/20/2010 8:23:47 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = J:\Documents and Settings\Kyle Sanders\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): J:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = J: | %SystemRoot% = J:\WINDOWS | %ProgramFiles% = J:\Program Files
C: Drive not present or media not loaded
Drive D: | 4.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 298.08 Gb Total Space | 52.22 Gb Free Space | 17.52% Space Free | Partition Type: NTFS

Computer Name: KYLE-8D032A7DBB
Current User Name: Kyle Sanders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/20 20:15:15 | 000,549,376 | ---- | M] (OldTimer Tools) -- J:\Documents and Settings\Kyle Sanders\Desktop\OTL.exe
PRC - [2010/02/19 14:29:14 | 000,908,248 | ---- | M] (Mozilla Corporation) -- J:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/15 13:53:35 | 000,215,128 | ---- | M] () -- J:\WINDOWS\system32\PnkBstrB.exe
PRC - [2010/01/28 17:40:06 | 000,075,064 | ---- | M] () -- J:\WINDOWS\system32\PnkBstrA.exe
PRC - [2010/01/11 22:17:44 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- J:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/12/11 14:11:10 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- J:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- J:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/17 18:22:53 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/17 18:22:52 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/17 18:22:48 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/17 18:22:45 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/17 18:22:34 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- J:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/13 13:03:10 | 000,292,128 | ---- | M] (Apple Inc.) -- J:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/13 13:02:50 | 000,542,496 | ---- | M] (Apple Inc.) -- J:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- J:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/13 17:11:26 | 001,086,840 | ---- | M] (Webroot Software, Inc. ) -- J:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2008/11/12 16:02:14 | 003,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- J:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2008/10/15 15:47:00 | 000,143,360 | ---- | M] () -- J:\Program Files\Razer\Lachesis\razertra.exe
PRC - [2008/10/14 10:46:14 | 000,172,032 | ---- | M] () -- J:\Program Files\Razer\Lachesis\razerhid.exe
PRC - [2008/05/26 21:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- J:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\explorer.exe
PRC - [2007/08/16 16:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- J:\Program Files\Razer\Lachesis\OSD.exe
PRC - [2007/07/05 03:08:46 | 016,380,416 | ---- | M] (Realtek Semiconductor Corp.) -- J:\WINDOWS\RTHDCPL.exe
PRC - [2007/06/05 09:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- J:\Program Files\Razer\Lachesis\razerofa.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- J:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- J:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/08/09 12:51:34 | 000,446,464 | ---- | M] (Smith Micro Software, Inc.) -- J:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe


========== Modules (SafeList) ==========

MOD - [2010/02/20 20:15:15 | 000,549,376 | ---- | M] (OldTimer Tools) -- J:\Documents and Settings\Kyle Sanders\Desktop\OTL.exe
MOD - [2008/04/13 19:11:56 | 000,019,968 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\system32\linkinfo.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/15 13:53:35 | 000,215,128 | ---- | M] () [Auto | Running] -- J:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/01/28 17:40:06 | 000,075,064 | ---- | M] () [Auto | Running] -- J:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/01/11 22:17:44 | 000,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- J:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- J:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/17 18:22:45 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- J:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/17 18:22:34 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- J:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/13 13:02:50 | 000,542,496 | ---- | M] (Apple Inc.) [On_Demand | Running] -- J:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/29 15:21:52 | 003,110,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- J:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- J:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/13 17:11:26 | 001,086,840 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- J:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2008/11/12 16:02:14 | 003,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- J:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2007/11/25 12:24:42 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- J:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- J:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- J:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/02/15 12:37:57 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/01/11 23:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/08/17 18:22:53 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- J:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/17 18:22:53 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- J:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/29 12:36:16 | 000,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/02 09:24:12 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- J:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/03/19 15:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/12 16:02:28 | 000,170,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- J:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2008/11/12 16:02:26 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- J:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/11/12 16:02:26 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- J:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2008/04/13 14:45:32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\GcKernel.sys -- (GcKernel)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/18 12:09:35 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- J:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/12/26 02:37:23 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/09/07 14:55:04 | 000,027,672 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH)
DRV - [2007/08/08 10:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007/08/07 04:40:38 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/07/18 06:26:04 | 004,547,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/28 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- J:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005/12/21 10:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\Usbicp.sys -- (uisp)
DRV - [2005/10/26 03:08:26 | 003,786,944 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/18 04:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- J:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 13:01:18 | 000,021,344 | R--- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/04/05 14:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/05 14:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 01:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- J:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/03 12:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- J:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/02/23 10:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- J:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/12/03 05:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- J:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- J:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = J:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - J:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - J:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1060284298-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = J:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1060284298-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1060284298-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = comcast.net/
IE - HKU\S-1-5-21-1060284298-1482476501-839522115-1004\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1060284298-1482476501-839522115-1004\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - J:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1060284298-1482476501-839522115-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - J:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1060284298-1482476501-839522115-1004\S-1-5-21-1060284298-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: {F1AA2D90-519B-4D8E-8190-6E103A4CB023}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: J:\Program Files\AVG\AVG8\Firefox [2009/12/21 12:29:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F1AA2D90-519B-4D8E-8190-6E103A4CB023}: J:\Documents and Settings\Kyle Sanders\Local Settings\Application Data\{F1AA2D90-519B-4D8E-8190-6E103A4CB023} [2009/01/02 14:50:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: J:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/07/29 14:22:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: j:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 01:48:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: J:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/05 16:57:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: J:\Program Files\Mozilla Firefox\components [2010/02/19 14:29:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: J:\Program Files\Mozilla Firefox\plugins [2010/02/19 14:29:21 | 000,000,000 | ---D | M]

[2009/07/31 11:37:44 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Kyle Sanders\Application Data\Mozilla\Extensions
[2009/07/29 14:36:07 | 000,000,000 | ---D | M] (No name found) -- J:\Documents and Settings\Kyle Sanders\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/31 11:37:44 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Kyle Sanders\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/20 20:23:00 | 000,000,000 | ---D | M] -- J:\Documents and Settings\Kyle Sanders\Application Data\Mozilla\Firefox\Profiles\dtl1srm3.default\extensions
[2009/09/02 12:25:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- J:\Documents and Settings\Kyle Sanders\Application Data\Mozilla\Firefox\Profiles\dtl1srm3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/14 22:16:47 | 000,000,000 | ---D | M] (ReloadEvery) -- J:\Documents and Settings\Kyle Sanders\Application Data\Mozilla\Firefox\Profiles\dtl1srm3.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/02/15 12:26:42 | 000,000,000 | ---D | M] -- J:\Program Files\Mozilla Firefox\extensions
[2010/02/19 14:29:14 | 000,000,000 | ---D | M] (Default) -- J:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/12/05 15:06:58 | 000,000,000 | ---D | M] (Java Console) -- J:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/05/24 07:36:24 | 000,000,000 | ---D | M] (Java Console) -- J:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/01/05 16:57:31 | 000,000,000 | ---D | M] (Java Console) -- J:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/07 14:56:08 | 000,000,000 | ---D | M] (Java Console) -- J:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/11/28 16:22:21 | 000,000,000 | ---D | M] (Java Console) -- J:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/02/19 14:29:14 | 000,023,512 | ---- | M] (Mozilla Foundation) -- J:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/02/19 14:29:14 | 000,137,176 | ---- | M] (Mozilla Foundation) -- J:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/08/07 13:35:32 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- J:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/10/11 04:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- J:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/12/11 17:33:02 | 001,335,600 | ---- | M] (DivX,Inc.) -- J:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2007/10/11 14:17:50 | 001,435,688 | ---- | M] (Microsoft Corporation) -- J:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/02/19 14:29:18 | 000,064,984 | ---- | M] (mozilla.org) -- J:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/10/14 20:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- J:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/09/10 14:56:44 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- J:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2003/12/19 10:58:34 | 000,057,344 | ---- | M] (Playnet Inc.) -- J:\Program Files\Mozilla Firefox\plugins\NPplaynet.dll
[2009/06/01 18:30:21 | 000,143,360 | ---- | M] (Apple Inc.) -- J:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/01 18:30:21 | 000,143,360 | ---- | M] (Apple Inc.) -- J:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/01 18:30:21 | 000,143,360 | ---- | M] (Apple Inc.) -- J:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/01 18:30:21 | 000,143,360 | ---- | M] (Apple Inc.) -- J:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/01 18:30:21 | 000,143,360 | ---- | M] (Apple Inc.) -- J:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/06/01 18:30:21 | 000,143,360 | ---- | M] (Apple Inc.) -- J:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/06/01 18:30:21 | 000,143,360 | ---- | M] (Apple Inc.) -- J:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/09/10 14:37:54 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- J:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/07/29 16:00:40 | 000,001,394 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/29 16:00:40 | 000,002,193 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/29 14:22:06 | 000,001,489 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/07/29 16:00:40 | 000,001,534 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/29 16:00:40 | 000,002,344 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/29 16:00:40 | 000,002,371 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/29 16:00:40 | 000,001,178 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/29 16:00:40 | 000,000,792 | ---- | M] () -- J:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/01/04 21:20:25 | 000,000,707 | ---- | M]) - J:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - J:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {6B547AE5-5382-41A8-A574-40E2719056FE} - J:\WINDOWS\System32\ljJDVoMf.dll File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - J:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - J:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - J:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1060284298-1482476501-839522115-1004\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - J:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1060284298-1482476501-839522115-1004\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - J:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1060284298-1482476501-839522115-1004\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - J:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1060284298-1482476501-839522115-1004\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - J:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] J:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] J:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] J:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] J:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Lachesis] J:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [NvCplDaemon] J:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] J:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [QuickTime Task] J:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] J:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] J:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] J:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] j:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] j:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1060284298-1482476501-839522115-1004..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1060284298-1482476501-839522115-1004..\Run: [MSMSGS] J:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1060284298-1482476501-839522115-1004..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-1060284298-1482476501-839522115-1004..\Run: [SpybotSD TeaTimer] J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1060284298-1482476501-839522115-1004..\Run: [Steam] j:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: J:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = J:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: J:\Documents and Settings\Kyle Sanders\Start Menu\Programs\Startup\Registration .LNK = J:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\support\Register\Reg.exe File not found
O4 - Startup: J:\Documents and Settings\Kyle Sanders\Start Menu\Programs\Startup\V CAST Music Monitor.lnk = J:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe (Smith Micro Software, Inc.)
O4 - Startup: J:\Documents and Settings\Kyle Sanders\Start Menu\Programs\Startup\Xfire.lnk = J:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - J:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - J:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - J:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - J:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - J:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1196013165796 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - J:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - J:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - J:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - J:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - J:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - J:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - J:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - J:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - J:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - J:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - J:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - J:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - J:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - J:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - J:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - J:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - J:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - J:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - J:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - J:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (J:\WINDOWS\system32\userinit.exe) - J:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - J:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - J:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - J:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - J:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - J:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - J:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - J:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - J:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\efcDWPJb: DllName - efcDWPJb.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - J:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - J:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - J:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - J:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - J:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - J:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - J:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - J:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - J:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - J:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - J:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - J:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - J:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - J:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - J:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - J:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - J:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - J:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - J:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - J:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - J:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (J:\WINDOWS\system32\ljJDVoMf) - File not found
O30 - LSA: Security Packages - (kerberos) - J:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - J:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - J:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - J:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/12 19:36:42 | 000,664,029 | R--- | M] () - D:\Autorun.dbd -- [ UDF ]
O32 - AutoRun File - [2006/08/12 04:18:20 | 000,126,976 | R--- | M] (Macrovision Corporation) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2006/08/12 04:18:20 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2006/08/12 04:18:20 | 000,000,367 | R--- | M] () - D:\AutoRun.ini -- [ UDF ]
O32 - AutoRun File - [2006/08/12 19:36:42 | 000,003,902 | R--- | M] () - D:\Autorun.txt -- [ UDF ]
O33 - MountPoints2\{b083cc83-9b44-11dc-8f80-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b083cc83-9b44-11dc-8f80-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b083cc83-9b44-11dc-8f80-806d6172696f}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - J:\WINDOWS\system32\ias [2007/11/25 07:15:06 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - J:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - Reg Error: Value error.
SafeBootMin: sdcoreservice - Reg Error: Value error.
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - J:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: WRConsumerService - J:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - Reg Error: Value error.
SafeBootNet: sdcoreservice - Reg Error: Value error.
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: termservice - J:\WINDOWS\system32\termsrv32.dll (Microsoft Corporation)
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - J:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: WRConsumerService - J:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection J:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection J:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - J:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - j:\WINDOWS\system32\Rundll32.exe j:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - J:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - J:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - J:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "J:\WINDOWS\system32\rundll32.exe" "J:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - J:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - J:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - J:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - J:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - J:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - J:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - J:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - J:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - J:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - J:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - J:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - J:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - J:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - J:\WINDOWS\System32\xfcodec.dll ()
Drivers32: VIDC.XVID - J:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - J:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/20 20:15:11 | 000,549,376 | ---- | C] (OldTimer Tools) -- J:\Documents and Settings\Kyle Sanders\Desktop\OTL.exe
[2010/02/17 14:29:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- J:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/17 14:29:09 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- J:\WINDOWS\System32\drivers\mbam.sys
[2010/02/17 14:29:09 | 000,000,000 | ---D | C] -- J:\Program Files\Malwarebytes' Anti-Malware
[2010/02/05 15:31:17 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Kyle Sanders\Local Settings\Application Data\AliensVsPredator
[2010/01/28 18:00:05 | 000,000,000 | ---D | C] -- J:\Program Files\NVIDIA Corporation
[2010/01/28 17:59:24 | 000,061,440 | ---- | C] (Khronos Group) -- J:\WINDOWS\System32\OpenCL.dll
[2010/01/28 17:59:23 | 014,458,880 | ---- | C] (NVIDIA Corporation) -- J:\WINDOWS\System32\nvoglnt.dll
[2010/01/28 17:59:23 | 004,104,192 | ---- | C] (NVIDIA Corporation) -- J:\WINDOWS\System32\nvcuda.dll
[2010/01/28 17:59:23 | 004,077,672 | ---- | C] (NVIDIA Corporation) -- J:\WINDOWS\System32\nvcuvenc.dll
[2010/01/28 17:59:23 | 002,259,560 | ---- | C] (NVIDIA Corporation) -- J:\WINDOWS\System32\nvcuvid.dll
[2010/01/28 17:59:22 | 011,632,640 | ---- | C] (NVIDIA Corporation) -- J:\WINDOWS\System32\nvcompiler.dll
[2010/01/28 17:59:22 | 001,081,344 | ---- | C] (NVIDIA Corporation) -- J:\WINDOWS\System32\nvapi.dll
[2010/01/28 17:59:22 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- J:\WINDOWS\System32\nvcodins.dll
[2010/01/28 17:59:22 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- J:\WINDOWS\System32\nvcod.dll
[2010/01/28 17:44:08 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Kyle Sanders\My Documents\BFBC2Beta
[2010/01/22 16:23:05 | 000,000,000 | ---D | C] -- J:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010/01/22 16:02:41 | 000,000,000 | ---D | C] -- J:\Documents and Settings\Kyle Sanders\Local Settings\Application Data\Blizzard Entertainment
[2010/01/22 14:57:09 | 000,000,000 | ---D | C] -- J:\Program Files\World of Warcraft
[2009/10/14 19:53:40 | 000,000,000 | --SD | M] -- J:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/03 15:35:42 | 000,000,000 | ---D | M] -- J:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/06/27 18:30:45 | 000,000,000 | ---D | M] -- J:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2009/03/26 13:58:49 | 000,000,000 | ---D | M] -- J:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/01/30 11:40:01 | 000,000,000 | ---D | M] -- J:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/10/25 14:49:38 | 000,000,135 | ---- | C] () -- J:\Documents and Settings\Kyle Sanders\Local Settings\Application Data\fusioncache.dat
[2008/08/18 18:55:48 | 000,000,000 | ---D | M] -- J:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/18 18:52:52 | 000,000,000 | --SD | M] -- J:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/10 19:11:07 | 000,000,000 | ---D | M] -- J:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2007/12/28 11:39:35 | 000,002,598 | ---- | C] () -- J:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/06 17:25:48 | 000,008,192 | ---- | C] () -- J:\Documents and Settings\Kyle Sanders\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/05 20:13:40 | 000,000,000 | ---D | M] -- J:\Documents and Settings\LocalService\Application Data\Xfire
[2007/12/05 19:44:48 | 000,000,000 | ---D | M] -- J:\Documents and Settings\NetworkService\Application Data\Xfire
[2007/11/29 15:26:41 | 000,013,448 | ---- | C] () -- J:\Documents and Settings\Kyle Sanders\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/11/25 13:36:23 | 000,138,056 | ---- | C] () -- J:\Documents and Settings\Kyle Sanders\Application Data\PnkBstrK.sys
[2007/11/25 12:36:14 | 003,746,612 | -H-- | C] () -- J:\Documents and Settings\Kyle Sanders\Local Settings\Application Data\IconCache.db
[2007/11/25 12:30:51 | 000,000,062 | -HS- | C] () -- J:\Documents and Settings\Kyle Sanders\Application Data\desktop.ini
[2007/11/25 07:20:15 | 000,000,062 | -HS- | C] () -- J:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 000,030,808 | ---- | C] () -- J:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | C] () -- J:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | C] () -- J:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 000,026,040 | ---- | C] () -- J:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[5 J:\WINDOWS\*.tmp files -> J:\WINDOWS\*.tmp -> ]
[1 J:\WINDOWS\System32\*.tmp files -> J:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/20 20:15:15 | 000,549,376 | ---- | M] (OldTimer Tools) -- J:\Documents and Settings\Kyle Sanders\Desktop\OTL.exe
[2010/02/20 20:14:10 | 000,000,330 | -H-- | M] () -- J:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/20 20:11:46 | 000,001,098 | ---- | M] () -- J:\Documents and Settings\Kyle Sanders\Start Menu\Programs\Startup\V CAST Music Monitor.lnk
[2010/02/20 20:10:59 | 000,271,490 | ---- | M] () -- J:\WINDOWS\System32\NvApps.xml
[2010/02/20 20:10:52 | 000,000,006 | -H-- | M] () -- J:\WINDOWS\tasks\SA.DAT
[2010/02/20 20:10:45 | 000,002,048 | --S- | M] () -- J:\WINDOWS\bootstat.dat
[2010/02/18 14:54:40 | 000,524,288 | ---- | M] () -- J:\Documents and Settings\Kyle Sanders\Desktop\dds.scr
[2010/02/18 14:48:15 | 000,012,648 | ---- | M] () -- J:\WINDOWS\System32\wpa.dbl
[2010/02/18 14:47:27 | 019,136,512 | -H-- | M] () -- J:\Documents and Settings\Kyle Sanders\NTUSER.DAT
[2010/02/18 14:47:09 | 000,000,176 | ---- | M] () -- J:\Documents and Settings\Kyle Sanders\defogger_reenable
[2010/02/17 14:49:17 | 003,746,612 | -H-- | M] () -- J:\Documents and Settings\Kyle Sanders\Local Settings\Application Data\IconCache.db
[2010/02/17 14:29:13 | 000,000,706 | ---- | M] () -- J:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/16 19:04:27 | 000,002,193 | ---- | M] () -- J:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/02/15 13:53:35 | 000,215,128 | ---- | M] () -- J:\WINDOWS\System32\PnkBstrB.xtr
[2010/02/15 13:53:35 | 000,215,128 | ---- | M] () -- J:\WINDOWS\System32\PnkBstrB.exe
[2010/02/15 12:37:57 | 000,139,128 | ---- | M] () -- J:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/02/15 11:08:24 | 055,614,854 | ---- | M] () -- J:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/10 22:16:10 | 000,041,872 | ---- | M] () -- J:\WINDOWS\System32\xfcodec.dll
[2010/02/09 20:58:32 | 000,001,355 | ---- | M] () -- J:\WINDOWS\imsins.BAK
[2010/02/08 15:07:51 | 000,013,448 | ---- | M] () -- J:\Documents and Settings\Kyle Sanders\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/08 15:07:38 | 000,095,072 | ---- | M] () -- J:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/05 15:03:01 | 000,001,630 | ---- | M] () -- J:\Documents and Settings\Kyle Sanders\Desktop\Aliens vs Predator Demo.lnk
[2010/01/28 18:02:39 | 000,000,178 | -HS- | M] () -- J:\Documents and Settings\Kyle Sanders\ntuser.ini
[2010/01/28 17:57:12 | 000,001,984 | ---- | M] () -- J:\WINDOWS\System32\d3d9caps.dat
[2010/01/28 17:43:18 | 000,002,010 | ---- | M] () -- J:\Documents and Settings\All Users\Desktop\Battlefield Bad Company 2 - BETA.lnk
[2010/01/28 17:40:24 | 000,138,056 | ---- | M] () -- J:\Documents and Settings\Kyle Sanders\Application Data\PnkBstrK.sys
[2010/01/28 17:40:06 | 000,075,064 | ---- | M] () -- J:\WINDOWS\System32\PnkBstrA.exe
[2010/01/28 17:40:05 | 002,434,856 | ---- | M] () -- J:\WINDOWS\System32\pbsvc_bc2.exe
[2010/01/22 19:44:21 | 000,000,761 | ---- | M] () -- J:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/01/22 17:41:56 | 000,000,582 | ---- | M] () -- J:\WINDOWS\win.ini
[2010/01/22 15:29:51 | 000,000,892 | ---- | M] () -- J:\Documents and Settings\Kyle Sanders\Desktop\World of Warcraft Installer.lnk
[5 J:\WINDOWS\*.tmp files -> J:\WINDOWS\*.tmp -> ]
[1 J:\WINDOWS\System32\*.tmp files -> J:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/18 15:16:19 | 000,293,376 | ---- | C] () -- J:\Documents and Settings\Kyle Sanders\Desktop\gmer.exe
[2010/02/18 14:54:30 | 000,524,288 | ---- | C] () -- J:\Documents and Settings\Kyle Sanders\Desktop\dds.scr
[2010/02/18 14:47:00 | 000,000,176 | ---- | C] () -- J:\Documents and Settings\Kyle Sanders\defogger_reenable
[2010/02/17 14:29:13 | 000,000,706 | ---- | C] () -- J:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/10 22:16:10 | 000,041,872 | ---- | C] () -- J:\WINDOWS\System32\xfcodec.dll
[2010/02/05 15:03:01 | 000,001,630 | ---- | C] () -- J:\Documents and Settings\Kyle Sanders\Desktop\Aliens vs Predator Demo.lnk
[2010/01/28 17:59:22 | 002,283,526 | ---- | C] () -- J:\WINDOWS\System32\nvdata.bin
[2010/01/28 17:43:18 | 000,002,010 | ---- | C] () -- J:\Documents and Settings\All Users\Desktop\Battlefield Bad Company 2 - BETA.lnk
[2010/01/28 17:40:05 | 002,434,856 | ---- | C] () -- J:\WINDOWS\System32\pbsvc_bc2.exe
[2010/01/22 15:29:51 | 000,000,892 | ---- | C] () -- J:\Documents and Settings\Kyle Sanders\Desktop\World of Warcraft Installer.lnk
[2010/01/22 15:29:00 | 000,000,761 | ---- | C] () -- J:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/07/15 21:45:16 | 000,000,023 | ---- | C] () -- J:\WINDOWS\BlendSettings.ini
[2009/05/09 12:39:31 | 000,168,448 | ---- | C] () -- J:\WINDOWS\System32\unrar.dll
[2009/05/09 12:39:30 | 000,795,648 | ---- | C] () -- J:\WINDOWS\System32\xvidcore.dll
[2009/05/09 12:39:30 | 000,130,048 | ---- | C] () -- J:\WINDOWS\System32\xvidvfw.dll
[2009/05/09 12:39:29 | 003,596,288 | ---- | C] () -- J:\WINDOWS\System32\qt-dx331.dll
[2009/05/09 12:39:28 | 000,084,480 | ---- | C] () -- J:\WINDOWS\System32\ff_vfw.dll
[2009/05/09 12:39:28 | 000,000,547 | ---- | C] () -- J:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/30 11:45:55 | 000,200,704 | ---- | C] () -- J:\WINDOWS\System32\teulKit.dll
[2008/11/10 19:25:40 | 000,000,619 | ---- | C] () -- J:\WINDOWS\Wininit.ini
[2008/08/29 17:04:39 | 000,000,600 | ---- | C] () -- J:\WINDOWS\Rtcw.INI
[2008/06/30 09:32:17 | 000,053,248 | ---- | C] () -- J:\WINDOWS\System32\VZWDLManager.dll
[2008/05/05 21:21:52 | 000,000,754 | ---- | C] () -- J:\WINDOWS\WORDPAD.INI
[2008/01/01 01:44:56 | 000,003,972 | ---- | C] () -- J:\WINDOWS\System32\drivers\PciBus.sys
[2007/12/26 02:15:12 | 000,000,169 | ---- | C] () -- J:\WINDOWS\RtlRack.ini
[2007/11/25 13:36:23 | 000,139,128 | ---- | C] () -- J:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/25 13:35:44 | 000,000,319 | ---- | C] () -- J:\WINDOWS\game.ini
[2007/11/25 12:50:04 | 000,000,164 | R--- | C] () -- J:\WINDOWS\avrack.ini
[2007/11/25 12:34:59 | 000,000,258 | ---- | C] () -- J:\WINDOWS\System32\raidmgmt.ini
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- J:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- J:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- J:\WINDOWS\System32\gthrctr.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 J:\WINDOWS\system32\*.tmp files -> J:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- J:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/05/24 07:52:01 | 023,852,652 | ---- | M] () .cab file -- J:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/05/24 07:52:01 | 023,852,652 | ---- | M] () .cab file -- J:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- J:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- J:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- J:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/24 07:52:01 | 023,852,652 | ---- | M] () .cab file -- J:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/05/24 07:52:01 | 023,852,652 | ---- | M] () .cab file -- J:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- J:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- J:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- J:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- J:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- J:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- J:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- J:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- J:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- J:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- J:\WINDOWS\system32\eventlog.dll
[2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- J:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- J:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- J:\WINDOWS\system32\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- J:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2005/08/18 04:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- J:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2006/02/28 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- J:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- J:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- J:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> J:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



OTL Extras logfile created on: 2/20/2010 8:23:47 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = J:\Documents and Settings\Kyle Sanders\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): J:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = J: | %SystemRoot% = J:\WINDOWS | %ProgramFiles% = J:\Program Files
C: Drive not present or media not loaded
Drive D: | 4.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 298.08 Gb Total Space | 52.22 Gb Free Space | 17.52% Space Free | Partition Type: NTFS

Computer Name: KYLE-8D032A7DBB
Current User Name: Kyle Sanders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- J:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1060284298-1482476501-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- J:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "J:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "J:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "J:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "J:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "J:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "J:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3927:TCP" = 3927:TCP:*:Enabled:Services
"3740:TCP" = 3740:TCP:*:Enabled:Services
"7101:TCP" = 7101:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3927:TCP" = 3927:TCP:*:Enabled:Services
"3740:TCP" = 3740:TCP:*:Enabled:Services
"7101:TCP" = 7101:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"J:\Nexon\Combat Arms\CombatArms.exe" = J:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"J:\Nexon\Combat Arms\Engine.exe" = J:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"J:\WINDOWS\system32\PnkBstrA.exe" = J:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"J:\WINDOWS\system32\PnkBstrB.exe" = J:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"J:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = J:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"J:\Program Files\BitTyrant\Azureus.exe" = J:\Program Files\BitTyrant\Azureus.exe:*:Enabled:Azureus -- File not found
"J:\Program Files\MIRC\mirc.exe" = J:\Program Files\MIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"J:\Program Files\Xfire\xfire.exe" = J:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"J:\Program Files\Metin2.us\metin2.bin" = J:\Program Files\Metin2.us\metin2.bin:*:Enabled:metin2 -- File not found
"J:\Program Files\Steam\steamapps\kyles\counter-strike source\hl2.exe" = J:\Program Files\Steam\steamapps\kyles\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"J:\Program Files\SEGA\Medieval II Total War\medieval2.exe" = J:\Program Files\SEGA\Medieval II Total War\medieval2.exe:*:Enabled:Medieval 2: Total War -- File not found
"J:\Program Files\uTorrent\uTorrent.exe" = J:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"J:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = J:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- File not found
"J:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = J:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- File not found
"J:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = J:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- File not found
"J:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = J:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- File not found
"J:\Program Files\Steam\steamapps\kyles\dark messiah might and magic multi-player\mm.exe" = J:\Program Files\Steam\steamapps\kyles\dark messiah might and magic multi-player\mm.exe:*:Enabled:mm -- ()
"J:\Program Files\Steam\steamapps\kyles\counter-strike\hl.exe" = J:\Program Files\Steam\steamapps\kyles\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"J:\Program Files\Steam\steamapps\kyles\condition zero\hl.exe" = J:\Program Files\Steam\steamapps\kyles\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"J:\Program Files\Mozilla Firefox\firefox.exe" = J:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"J:\Documents and Settings\Kyle Sanders\Local Settings\Temp\Rar$EX00.656\AoC-US-EarlyAccess.exe" = J:\Documents and Settings\Kyle Sanders\Local Settings\Temp\Rar$EX00.656\AoC-US-EarlyAccess.exe:*:Enabled:Age of Conan Downloader -- File not found
"J:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = J:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"J:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Online\System\SCDA_online.exe" = J:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Online\System\SCDA_online.exe:*:Enabled:SCDA_online -- File not found
"J:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = J:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"J:\Nexon\Combat Arms\CombatArms.exe" = J:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"J:\Nexon\Combat Arms\Engine.exe" = J:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"J:\Nexon\Combat Arms\NMService.exe" = J:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"J:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe" = J:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- (Activision Inc)
"J:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = J:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII -- File not found
"J:\Program Files\AVG\AVG8\avgupd.exe" = J:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"J:\Program Files\AVG\AVG8\avgemc.exe" = J:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"J:\Program Files\Return to Castle Wolfenstein\WolfMP.exe" = J:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP -- File not found
"J:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe" = J:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe:*:Enabled:Call of Duty®: World at War Multiplayer -- File not found
"J:\Program Files\CRS\Battleground Europe\WW2_sse2.exe" = J:\Program Files\CRS\Battleground Europe\WW2_sse2.exe:*:Enabled:WW2 -- (Playnet, Inc.)
"J:\WINDOWS\system32\dpvsetup.exe" = J:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"J:\WINDOWS\system32\rundll32.exe" = J:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"J:\Program Files\LimeWire\LimeWire.exe" = J:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.16.6 -- (Lime Wire, LLC)
"J:\Program Files\Steam\steamapps\common\grand theft auto 3\gta3.exe" = J:\Program Files\Steam\steamapps\common\grand theft auto 3\gta3.exe:*:Enabled:Grand Theft Auto 3 -- ()
"J:\Program Files\Steam\steamapps\common\grand theft auto vice city\gta-vc.exe" = J:\Program Files\Steam\steamapps\common\grand theft auto vice city\gta-vc.exe:*:Enabled:Grand Theft Auto: Vice City -- ()
"J:\Program Files\Steam\steamapps\kyles\dark messiah might and magic multi-player\runme.exe" = J:\Program Files\Steam\steamapps\kyles\dark messiah might and magic multi-player\runme.exe:*:Enabled:Dark Messiah Might and Magic Multi-Player -- ()
"J:\Program Files\Steam\steamapps\common\grand theft auto san andreas\gta-sa.exe" = J:\Program Files\Steam\steamapps\common\grand theft auto san andreas\gta-sa.exe:*:Enabled:Grand Theft Auto: San Andreas -- ()
"J:\Program Files\Steam\steamapps\common\grand theft auto 2\gta2.exe" = J:\Program Files\Steam\steamapps\common\grand theft auto 2\gta2.exe:*:Enabled:Grand Theft Auto 2 -- (Rockstar North)
"J:\Program Files\Steam\steam.exe" = J:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"J:\Program Files\Fury\Binaries\Fury.exe" = J:\Program Files\Fury\Binaries\Fury.exe:*:Enabled:Fury -- File not found
"J:\Program Files\Fury\Binaries\DiamondWare\dwTVC.exe" = J:\Program Files\Fury\Binaries\DiamondWare\dwTVC.exe:*:Enabled:Fury VOIP -- File not found
"J:\Program Files\Steam\steamapps\common\rome total war gold\RomeTW.exe" = J:\Program Files\Steam\steamapps\common\rome total war gold\RomeTW.exe:*:Enabled:Rome: Total War Gold -- (The Creative Assembly Ltd)
"J:\Program Files\Steam\steamapps\common\rome total war gold\RomeTW-BI.exe" = J:\Program Files\Steam\steamapps\common\rome total war gold\RomeTW-BI.exe:*:Enabled:Rome: Total War Gold -- (The Creative Assembly Ltd)
"J:\Program Files\AVG\AVG8\avgnsx.exe" = J:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"J:\Program Files\Bonjour\mDNSResponder.exe" = J:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"J:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = J:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"J:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = J:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ -- (Activision Blizzard, Inc.)
"J:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = J:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ -- (Activision Blizzard, Inc.)
"J:\Program Files\iTunes\iTunes.exe" = J:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"J:\Football Superstars\FSClientr.exe" = J:\Football Superstars\FSClientr.exe:*:Enabled:FSClientr -- ()
"J:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\Versus\System\SCCT_Versus.ex" = J:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\Versus\System\SCCT_Versus.ex:*:Enabled:SCCT_Versus -- ()
"J:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\SPLINTERCELL3.EXE" = J:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\System\SPLINTERCELL3.EXE:*:Enabled:SPLINTERCELL3 -- ()
"J:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\Utils\Detection\detectionui_r.exe" = J:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\Utils\Detection\detectionui_r.exe:*:Enabled:detectionui_r -- ()
"J:\Program Files\THQ\Company of Heroes\RelicCOH.exe" = J:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH -- (THQ Canada Inc.)
"J:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe" = J:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)
"J:\Documents and Settings\Kyle Sanders\Local Settings\Temp\04be8d73843a4b928406cab194812b64\RelicDownloader.exe" = J:\Documents and Settings\Kyle Sanders\Local Settings\Temp\04be8d73843a4b928406cab194812b64\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- File not found
"J:\Program Files\World of Warcraft\Launcher.exe" = J:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"J:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = J:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"J:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe" = J:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA -- (EA Digital Illusions CE AB)
"J:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe" = J:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe:*:Enabled:EA Battlefield: Bad Company™ 2 - BETA -- (EA Digital Illusions CE AB)
"J:\Program Files\Steam\steamapps\common\aliens vs predator demo\AvP.exe" = J:\Program Files\Steam\steamapps\common\aliens vs predator demo\AvP.exe:*:Enabled:Aliens vs Predator Demo -- (Sega Europe Limited)
"J:\Program Files\Steam\steamapps\common\empire total war\Empire.exe" = J:\Program Files\Steam\steamapps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"J:\WINDOWS\system32\services.exe" = J:\WINDOWS\system32\services.exe:*:Enabled:Services and Controller app -- (Microsoft Corporation)
"J:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = J:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"J:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = J:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War™ 1.3 Patch
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{2184D9EA-4E5B-43FD-914E-4563CF028C94}" = MetalGearSolid2 Substance
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D53A3D44-C983-4D21-ABF6-2AA2AB88FB28}" = Battlefield Bad Company 2 - BETA
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"AVG8Uninstall" = AVG 8.5
"Battleground Europe: WWIIOL " = Battleground Europe: WWIIOL
"Company of Heroes" = Company of Heroes
"D44822B3621EFD220D3A7DDA72DE5A4B6476748F" = Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00)
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"ESForces" = ESForces
"Football Superstars_is1" = Football Superstars
"GoldWave v5.20" = GoldWave v5.20
"Guild Wars" = Guild Wars
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War™ 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.0
"LG USB Drivers" = LG USB Drivers
"LimeWire" = LimeWire 5.2.12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MR.MIC's Map Pack" = MR.MIC's Map Pack 5
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PeerGuardian_is1" = PeerGuardian 2.0
"PlayGATE Setup" = PlayGATE Setup
"PunkBusterSvc" = PunkBuster Services
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 10500" = Empire: Total War
"Steam App 12100" = Grand Theft Auto 3
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12170" = Grand Theft Auto
"Steam App 12180" = Grand Theft Auto 2
"Steam App 2130" = Dark Messiah Might and Magic Multi-Player
"Steam App 240" = Counter-Strike: Source
"Steam App 34200" = Aliens vs Predator Demo
"Steam App 4760" = Rome: Total War Gold
"Switch" = Switch Sound File Converter
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"UnityWebPlayer" = Unity Web Player
"VCast Music Essentials Manager" = V CAST Music Essentials Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NCsoft-Aion" = Aion
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/19/2010 6:38:11 PM | Computer Name = KYLE-8D032A7DBB | Source = Windows Search Service | ID = 3013
Description = The entry <J:\DOCUMENTS AND SETTINGS\HELPASSISTANT\MY DOCUMENTS\JKA
DOWNLOADS\DARTH_REVAN.ZIP> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 2/19/2010 6:38:11 PM | Computer Name = KYLE-8D032A7DBB | Source = Windows Search Service | ID = 3013
Description = The entry <J:\DOCUMENTS AND SETTINGS\HELPASSISTANT\MY DOCUMENTS\JKA
DOWNLOADS\DARTH_REVAN.ZIP> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 2/19/2010 6:38:12 PM | Computer Name = KYLE-8D032A7DBB | Source = Windows Search Service | ID = 3013
Description = The entry <J:\DOCUMENTS AND SETTINGS\HELPASSISTANT\MY DOCUMENTS\JKA
DOWNLOADS\MARK_I_VEHICLE.ZIP> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 2/19/2010 6:38:12 PM | Computer Name = KYLE-8D032A7DBB | Source = Windows Search Service | ID = 3013
Description = The entry <J:\DOCUMENTS AND SETTINGS\HELPASSISTANT\MY DOCUMENTS\JKA
DOWNLOADS\MARK_I_VEHICLE.ZIP> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 2/19/2010 6:38:12 PM | Computer Name = KYLE-8D032A7DBB | Source = Windows Search Service | ID = 3013
Description = The entry <J:\DOCUMENTS AND SETTINGS\HELPASSISTANT\MY DOCUMENTS\MY
MUSIC\ITUNES\ALBUM ARTWORK\CACHE\3FE11B1AAFA1C16F\01\08\02> in the hash map cannot
be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)

Error - 2/19/2010 6:38:12 PM | Computer Name = KYLE-8D032A7DBB | Source = Windows Search Service | ID = 3013
Description = The entry <J:\DOCUMENTS AND SETTINGS\HELPASSISTANT\MY DOCUMENTS\MY
MUSIC\ITUNES\ALBUM ARTWORK\CACHE\3FE11B1AAFA1C16F> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 2/19/2010 6:38:12 PM | Computer Name = KYLE-8D032A7DBB | Source = Windows Search Service | ID = 3013
Description = The entry <J:\DOCUMENTS AND SETTINGS\HELPASSISTANT\MY DOCUMENTS\MY
MUSIC\ITUNES\ALBUM ARTWORK\CACHE\3FE11B1AAFA1C16F> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 2/19/2010 6:38:12 PM | Computer Name = KYLE-8D032A7DBB | Source = Windows Search Service | ID = 3013
Description = The entry <J:\DOCUMENTS AND SETTINGS\HELPASSISTANT\MY DOCUMENTS\MY
MUSIC\ITUNES\ALBUM ARTWORK\CACHE\3FE11B1AAFA1C16F\02\00\02\3FE11B1AAFA1C16F-BE6A9541F7790202.ITC2>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 2/19/2010 6:38:12 PM | Computer Name = KYLE-8D032A7DBB | Source = Windows Search Service | ID = 3013
Description = The entry <J:\DOCUMENTS AND SETTINGS\HELPASSISTANT\MY DOCUMENTS\MY
GAMES\COMPANY OF HEROES\WW2\SCENARIOS> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 2/19/2010 6:38:12 PM | Computer Name = KYLE-8D032A7DBB | Source = Windows Search Service | ID = 3013
Description = The entry <J:\DOCUMENTS AND SETTINGS\HELPASSISTANT\MY DOCUMENTS\MY
GAMES\COMPANY OF HEROES\WW2\SCENARIOS> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

[ System Events ]
Error - 1/25/2010 1:19:34 PM | Computer Name = KYLE-8D032A7DBB | Source = System Error | ID = 1003
Description = Error code 000000ea, parameter1 8a43a9a0, parameter2 8b0d58e8, parameter3
8b0a1e30, parameter4 00000001.

Error - 1/25/2010 1:21:52 PM | Computer Name = KYLE-8D032A7DBB | Source = System Error | ID = 1003
Description = Error code 000000ea, parameter1 8a274020, parameter2 8aed37e8, parameter3
8ae7f1a8, parameter4 00000001.

Error - 2/18/2010 7:03:58 PM | Computer Name = KYLE-8D032A7DBB | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AudioSrv service.

Error - 2/19/2010 4:17:46 PM | Computer Name = KYLE-8D032A7DBB | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 ffffff94, parameter2 0000001c, parameter3
00000000, parameter4 80537bfd.

Error - 2/19/2010 4:18:35 PM | Computer Name = KYLE-8D032A7DBB | Source = System Error | ID = 1003
Description = Error code 0000004e, parameter1 00000007, parameter2 0002914e, parameter3
00000001, parameter4 00000000.

Error - 2/19/2010 4:18:39 PM | Computer Name = KYLE-8D032A7DBB | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 8925800c.

Error - 2/19/2010 4:18:42 PM | Computer Name = KYLE-8D032A7DBB | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 b204bb30, parameter2 00000001, parameter3
b1d68fa6, parameter4 00000000.

Error - 2/19/2010 4:18:47 PM | Computer Name = KYLE-8D032A7DBB | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 805be7fa, parameter3
b3b45a68, parameter4 00000000.


< End of report >

Edited by Letha1, 20 February 2010 - 11:54 PM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:32 AM

Posted 21 February 2010 - 08:15 AM

Hi,

One of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 Letha1


Posted 21 February 2010 - 09:37 AM

I see, not exactly what I wanted; is there any way to back up files without the method I use being compromised with the virus (USB/CD etc.)? I'm young to the point where I had nothing really truly important on there, so I'm not too upset, except that I had put tons of time into unfinished games haha. I appreciate the help, but before I reformat I just wanna know if I can save some stuff safely.

#6 myrti


Posted 21 February 2010 - 09:50 AM

Hi,

You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, and .html) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise themselves by adding and hiding their extension to the existing extension of file(s) so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to copying it back to your hard drive.

You can also back up the save-games of your unfinished games ;) Just keep away from executables.

If you decide to back up with a flash drive, please run the following tool to prevent infections spreading over it:
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

regards myrti


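The backup rules from the reply above, written out as a check to run over a folder before burning it to CD/DVD. This is an added example, not part of the original thread or of any tool named in it; the function names and the sample files are constructed, and two choices are assumptions: any file named `autorun.*` is treated as the autorun file, and .cab/.rar archives are held back because the Python standard library cannot open them.

```python
import os
import tempfile
import zipfile
from pathlib import Path

# File types the reply says not to back up.
RISKY_EXTS = {".exe", ".scr", ".php", ".asp", ".html"}
# Archive types the reply names; only .zip can be opened with the stdlib.
ARCHIVE_EXTS = {".zip", ".cab", ".rar"}


def name_risk(filename):
    """Return a reason if the file name alone disqualifies it, else None."""
    # Keep only the last path component; Windows ignores trailing dots/spaces.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    if stem == "autorun":            # assumption: autorun.inf / autorun.ini
        return "autorun file"
    if ext in RISKY_EXTS:
        inner = os.path.splitext(stem)[1]
        # "beach.jpg.exe" shows as "beach.jpg" when known extensions are hidden.
        if inner and inner[1:].isalpha():
            return f"double extension ({inner}{ext})"
        return f"executable or script ({ext})"
    return None


def archive_risk(path):
    """Look inside a .zip for risky members; hold back what cannot be opened."""
    ext = path.suffix.lower()
    if ext != ".zip":
        return f"{ext} archive cannot be inspected here"
    try:
        with zipfile.ZipFile(path) as zf:
            for member in zf.namelist():
                if member.endswith("/"):      # directory entry
                    continue
                reason = name_risk(member)
                if reason:
                    return f"contains {member}: {reason}"
                if os.path.splitext(member)[1].lower() in ARCHIVE_EXTS:
                    return f"contains nested archive {member}"
    except zipfile.BadZipFile:
        return "unreadable zip"
    return None


def triage(root):
    """Map each file under root to 'copy' or 'skip: <reason>'."""
    root = Path(root)
    verdicts = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        reason = name_risk(path.name)
        if reason is None and path.suffix.lower() in ARCHIVE_EXTS:
            reason = archive_risk(path)
        rel = path.relative_to(root).as_posix()
        verdicts[rel] = "copy" if reason is None else "skip: " + reason
    return verdicts


def build_sample(root):
    """Constructed sample tree: harmless placeholder bytes, realistic names."""
    root = Path(root)
    (root / "saves").mkdir()
    (root / "saves" / "campaign1.sav").write_bytes(b"constructed save data")
    (root / "photos").mkdir()
    (root / "photos" / "beach.jpg").write_bytes(b"constructed image")
    (root / "photos" / "beach2.jpg.exe").write_bytes(b"constructed")
    (root / "autorun.inf").write_text("[autorun]\n")
    (root / "page.html").write_text("<html></html>")
    with zipfile.ZipFile(root / "maps.zip", "w") as zf:
        zf.writestr("maps/level1.map", "constructed")
    with zipfile.ZipFile(root / "skins.zip", "w") as zf:
        zf.writestr("skins/readme.txt", "constructed")
        zf.writestr("skins/install.scr", "constructed")
    (root / "old.rar").write_bytes(b"constructed, not a real archive")


def demo():
    """Build the sample in a temp directory and return the triage verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return triage(tmp)


if __name__ == "__main__":
    for rel, verdict in demo().items():
        print(f"{rel:28} {verdict}")
```

A "copy" verdict only means the name and archive contents passed these rules; the backed-up data still needs the antivirus scan after the reinstall, as the reply says.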

#7 Letha1


Posted 21 February 2010 - 09:59 AM

Thanks Myrti, but it seems someone has already taken the liberty to start the reformat haha, so looks like I have no choice. I appreciate the help though, thanks.

Have a good day and keep up the good work.

PS: Which software do you recommend to prevent something like this again? AVG, Spybot S&D etc. did nothing.

Edited by Letha1, 21 February 2010 - 10:05 AM.


#8 myrti


Posted 21 February 2010 - 12:51 PM

Hi,

I usually suggest a free anti-virus program such as Avast! and Antivir.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

In addition these are tips I usually give at the end of cleaning a pc:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Have a nice day
myrti



#9 myrti


Posted 06 March 2010 - 04:18 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





