
Key Logger or Trojan?


  • This topic is locked
14 replies to this topic

#1 crusherdbuzz


Posted 07 May 2010 - 03:39 PM

My World of Warcraft account has been stolen! I am doing those processes to get it back. I don't know how they got my password or username. I have run AntiVir and Malwarebytes and nothing has shown up. Here is my HijackThis log; maybe you guys can see something I haven't. I'm not good with this stuff. If there are other things I must run, please let me know and I will do them ASAP!

Regards,
Dennis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:37:45 PM, on 5/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Creative\Shared Files\CTAudSvc.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\CTsvcCDA.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\WINDOWS\system32\nvraidservice.exe
G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
G:\WINDOWS\CTHELPER.EXE
G:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
G:\WINDOWS\system32\CTXFIHLP.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Viewpoint\Common\ViewpointService.exe
G:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
G:\Program Files\Common Files\Java\Java Update\jusched.exe
G:\WINDOWS\system32\SearchIndexer.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\WINDOWS\SYSTEM32\CTXFISPI.EXE
G:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
G:\Program Files\Canon\CAL\CALMAIN.exe
G:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
G:\Program Files\Creative\Shared Files\CTSched.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
G:\Program Files\AIM6\aim6.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Windows Live\Messenger\msnmsgr.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE
G:\WINDOWS\system32\wbem\unsecapp.exe
G:\WINDOWS\System32\svchost.exe
G:\Documents and Settings\Dennis\Local Settings\Apps\2.0\DNMCQXYM.ZWJ\DQTZPM92.B76\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe
G:\Program Files\AIM6\aolsoftware.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Avira\AntiVir Desktop\avguard.exe
G:\Program Files\Avira\AntiVir Desktop\avshadow.exe
G:\Program Files\Avira\AntiVir Desktop\sched.exe
G:\Program Files\Avira\AntiVir Desktop\avgnt.exe
G:\WINDOWS\system32\dllhost.exe
G:\Program Files\Avira\AntiVir Desktop\avnotify.exe
G:\Program Files\Avira\AntiVir Desktop\avnotify.exe
G:\WINDOWS\system32\msiexec.exe
G:\WINDOWS\system32\SearchProtocolHost.exe
G:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - G:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - G:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - G:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - G:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [nwiz] G:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRaidService] G:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "G:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VolPanel] "G:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Google Quick Search Box] "G:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "G:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "G:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Creative MediaSource Go] "G:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [CreativeTaskScheduler] "G:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [swg] "G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CurseClient] G:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Aim6] "G:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "G:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "G:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NCsoft Launcher] G:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Auto EPSON WorkForce 600 Series on WARREN] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "G:\WINDOWS\TEMP\E_S3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [\\WARREN\EPSON WorkForce 600 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "G:\DOCUME~1\Dennis\LOCALS~1\Temp\E_S42.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "G:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: MagicDisc.lnk = G:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = G:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://G:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvlsp.dll
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - G:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - G:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - G:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - G:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate1ca64d52455f94a) (gupdate1ca64d52455f94a) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - G:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - G:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14907 bytes
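The log above is the kind of thing a forum helper reads by eye. As an added example (not code from the thread or from HijackThis), the following Python script does a first triage pass over lines in the HijackThis format: it flags add-ons whose CLSID is registered but whose file is gone (the "(no file)" O2 entry above), Run entries given as a bare file name that is resolved through the search path at logon, autoruns that start from a user-writable directory, system-binary names running from outside the Windows directory, and Winsock LSP files HijackThis could not identify. The heuristics are this example's own and give a "look here first" list, not a verdict: a legitimate ClickOnce app under Local Settings trips the same rule as a dropper under Temp. All sample lines except the `[updater]` one are copied from the log above; that line is constructed to show a masquerading binary in a temp directory.

```python
"""Triage pass over HijackThis-format log lines (added example, not HijackThis code)."""
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # short tag for the heuristic that fired
    detail: str  # the path or CLSID the finding is about


# Binaries Windows itself runs from %SystemRoot% or %SystemRoot%\system32;
# the same file name anywhere else is the classic masquerade.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                "winlogon.exe", "services.exe", "explorer.exe"}
SYSTEM_DIRS = re.compile(r"^[a-z]:\\windows(\\system32)?$", re.I)
USER_WRITABLE = re.compile(r"\\(temp|tmp|application data|local settings)\\", re.I)

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NOFILE_RE = re.compile(r"^(?P<code>O2|O3|R3) - .*\{(?P<clsid>[0-9A-Fa-f-]{36})\} - \(no file\)$")
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
# First token of a Run command: optionally quoted, ends at the first executable-like extension.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|com|scr|bat|cmd|pif))"?(?:[\s,]|$)', re.I)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    seen_lsp: set[str] = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := NOFILE_RE.match(line):
            # Add-on registered under a CLSID whose DLL is gone: leftover or a removed dropper.
            findings.append(Finding(m["code"], "orphaned-clsid", m["clsid"]))
        elif m := LSP_RE.match(line):
            # HijackThis prints one O10 line per protocol-chain entry; report each DLL once.
            if m["path"].lower() not in seen_lsp:
                seen_lsp.add(m["path"].lower())
                findings.append(Finding("O10", "unidentified-lsp", m["path"]))
        elif m := RUN_RE.match(line):
            exe_m = EXE_RE.match(m["cmd"])
            if not exe_m:
                findings.append(Finding("O4", "unparsed-command", m["cmd"]))
                continue
            exe = exe_m["exe"]
            directory = ntpath.dirname(exe)
            if directory == "":
                # Bare file name: resolved through the search path at logon, not a fixed location.
                findings.append(Finding("O4", "bare-name-search-path", exe))
            elif USER_WRITABLE.search(exe):
                findings.append(Finding("O4", "user-writable-location", exe))
            if ntpath.basename(exe).lower() in SYSTEM_NAMES and not SYSTEM_DIRS.match(directory):
                findings.append(Finding("O4", "system-name-outside-system-dir", exe))
    return findings


# Constructed sample in the HijackThis line format. Every line except [updater]
# is copied from the log in the post above; [updater] is made up for this
# example to show a masquerading binary started from a temp directory.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avgnt] "G:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Auto EPSON WorkForce 600 Series on WARREN] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "G:\WINDOWS\TEMP\E_S3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [updater] "G:\Documents and Settings\Dennis\Local Settings\Temp\svchost.exe"
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvlsp.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason:32} {f.detail}")
```

Run against the sample it reports five items: the orphaned BHO CLSID, the bare `CTHELPER.EXE`, the constructed `svchost.exe` twice (user-writable location, and a system name outside the system directory) and `nvlsp.dll` once despite the repeated O10 lines. The Epson entry is not flagged even though its arguments reference a temp file, because the rule looks at where the executable lives, not at what it is passed.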



#2 myrti


Posted 10 May 2010 - 04:58 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
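The `/md5start` ... `/md5stop` part of the custom scan above asks OTL to hash a fixed list of logon and storage-driver files, the ones that rootkits of that era patched in place to hide. As an added example (not OTL's code, and not reproducing its output format), the following Python performs the underlying check on its own: take a digest of each watched file, compare with a baseline recorded from a known-good install of the same build, and report files that changed, vanished, or appeared. The `WATCHED` list is a subset of the names in the scan block; the directory tree, the baseline and the "patch" in `demo()` are constructed in a temp directory so the script runs anywhere.

```python
"""Baseline hash comparison for a watched file list (added example, not OTL code)."""
import hashlib
import os
import tempfile

# Subset of the file names in the custom-scan block above, relative to the
# Windows directory; any list of relative paths works.
WATCHED = ["system32/drivers/atapi.sys", "system32/drivers/nvraid.sys",
           "system32/netlogon.dll", "system32/scecli.dll"]


def digest(path: str, algo: str = "sha256", chunk: int = 1 << 16) -> str:
    """Hex digest of a file, streamed so large drivers do not load into memory.
    OTL used MD5; for spotting a change against your own baseline that is fine,
    but SHA-256 is the sensible default for a manifest you keep or share."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root: str, names=WATCHED) -> dict:
    """Map each watched name to (size, digest), or None when it is absent."""
    out = {}
    for name in names:
        p = os.path.join(root, *name.split("/"))
        out[name] = (os.path.getsize(p), digest(p)) if os.path.isfile(p) else None
    return out


def compare(baseline: dict, current: dict) -> dict:
    """Verdict per watched file: ok, modified, missing or unexpected.
    A same-size change is called out because an in-place driver patch
    typically keeps the file length identical."""
    report = {}
    for name, b in baseline.items():
        c = current.get(name)
        if b is None and c is None:
            report[name] = "ok"            # not installed on either side (e.g. no nvraid)
        elif b is None:
            report[name] = "unexpected"    # appeared since the baseline was taken
        elif c is None:
            report[name] = "missing"
        elif b[1] != c[1]:
            report[name] = "modified" + (" (same size)" if b[0] == c[0] else "")
        else:
            report[name] = "ok"
    return report


def demo() -> dict:
    """Constructed scenario: clean tree -> baseline -> patched, deleted and added files."""
    with tempfile.TemporaryDirectory() as root:
        drivers = os.path.join(root, "system32", "drivers")
        os.makedirs(drivers)
        clean = {"system32/drivers/atapi.sys": b"ATAPI driver build 1",
                 "system32/netlogon.dll": b"netlogon clean",
                 "system32/scecli.dll": b"scecli clean"}
        for name, data in clean.items():
            with open(os.path.join(root, *name.split("/")), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        # Simulate an in-place driver patch: same length, different bytes.
        with open(os.path.join(drivers, "atapi.sys"), "wb") as fh:
            fh.write(b"ATAPI driver build 2")
        os.remove(os.path.join(root, "system32", "scecli.dll"))
        with open(os.path.join(drivers, "nvraid.sys"), "wb") as fh:
            fh.write(b"dropped later")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:22} {name}")
```

The point of the baseline is that a hash on its own proves nothing; it only means something next to a digest taken from a system you trust. On a live machine the same functions would be pointed at `%SystemRoot%` and at a baseline saved earlier, and a "modified (same size)" result on a storage driver is exactly the signal the OTL scan block is looking for.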

 



#3 crusherdbuzz


Posted 11 May 2010 - 11:16 AM

Extras.txt Report:

OTL Extras logfile created on: 5/11/2010 9:06:02 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = G:\Documents and Settings\Dennis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 298.09 Gb Total Space | 168.47 Gb Free Space | 56.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 139.73 Gb Total Space | 43.43 Gb Free Space | 31.08% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 407.87 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MACHINE
Current User Name: Dennis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1214440339-1659004503-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "G:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "G:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"6989:TCP" = 6989:TCP:*:Enabled:League of Legends Launcher
"6989:UDP" = 6989:UDP:*:Enabled:League of Legends Launcher
"8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
"8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"G:\Program Files\Windows Live\Messenger\wlcsdk.exe" = G:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Dennis\Rosetta Stone\support\bin\win\RosettaStoneLtdServices.exe" = C:\Dennis\Rosetta Stone\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Dennis\Rosetta Stone\RosettaStoneVersion3.exe" = C:\Dennis\Rosetta Stone\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Warren's Back-up Games\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Warren's Back-up Games\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Warren's Back-up Games\World of Warcraft\Launcher.exe" = C:\Warren's Back-up Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Warren's Back-up Games\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Warren's Back-up Games\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"G:\Program Files\Ventrilo\Ventrilo.exe" = G:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"G:\Program Files\Curse\CurseClient.exe" = G:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"G:\Program Files\Common Files\AOL\Loader\aolload.exe" = G:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"G:\Program Files\AIM6\aim6.exe" = G:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"G:\Program Files\Steam\steamapps\common\farcry\Bin32\FarCry.exe" = G:\Program Files\Steam\steamapps\common\farcry\Bin32\FarCry.exe:*:Enabled:Far Cry -- (Crytek)
"G:\Program Files\Steam\steamapps\common\farcry\Bin32\FarCryConfigurator.exe" = G:\Program Files\Steam\steamapps\common\farcry\Bin32\FarCryConfigurator.exe:*:Enabled:Far Cry -- (Crytek)
"C:\Warren's Back-up Games\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Warren's Back-up Games\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Warren's Back-up Games\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Warren's Back-up Games\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"G:\Program Files\Steam\Steam.exe" = G:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"G:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = G:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"G:\Program Files\Windows Live\Messenger\wlcsdk.exe" = G:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"G:\Program Files\Steam\steamapps\common\eve online\eve.exe" = G:\Program Files\Steam\steamapps\common\eve online\eve.exe:*:Enabled:EVE Online Demo -- (CCP hf.)
"G:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe" = G:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- File not found
"G:\Program Files\Steam\steamapps\common\global agenda beta server\Binaries\globalagenda.exe" = G:\Program Files\Steam\steamapps\common\global agenda beta server\Binaries\globalagenda.exe:*:Enabled:TgGame Client -- File not found
"G:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = G:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
"G:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = G:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"G:\Program Files\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe" = G:\Program Files\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
"G:\Program Files\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe" = G:\Program Files\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening -- ()
"G:\Riot Games\League of Legends\air\LolClient.exe" = G:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"G:\Riot Games\League of Legends\game\League of Legends.exe" = G:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"G:\Program Files\Steam\steamapps\common\serious sam hd the first encounter\Bin\SamHD.exe" = G:\Program Files\Steam\steamapps\common\serious sam hd the first encounter\Bin\SamHD.exe:*:Enabled:Serious Sam HD: The First Encounter -- (Croteam)
"C:\Dennis\BitTorrent\bittorrent.exe" = C:\Dennis\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Dennis\Rosetta Stone\support\bin\win\RosettaStoneLtdServices.exe" = C:\Dennis\Rosetta Stone\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Dennis\Rosetta Stone\RosettaStoneVersion3.exe" = C:\Dennis\Rosetta Stone\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Multidmedia Limited )
"G:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe" = G:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2 -- (EA Digital Illusions CE AB)
"G:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = G:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"G:\Program Files\StarCraft II Beta\Versions\Base15250\SC2.exe" = G:\Program Files\StarCraft II Beta\Versions\Base15250\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
"G:\Documents and Settings\Dennis\Local Settings\Apps\2.0\DNMCQXYM.ZWJ\DQTZPM92.B76\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe" = G:\Documents and Settings\Dennis\Local Settings\Apps\2.0\DNMCQXYM.ZWJ\DQTZPM92.B76\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30349EFD-29C6-471B-B720-10D805B2D9F3}" = NCsoft Launcher
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{760E3EF8-577D-483E-9CB2-E759880AD82E}" = League of Legends
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BC926103-5867-4838-B059-9AD787FDF269}" = DK Optimize
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AudioCS" = Creative Audio Control Panel
"avast!" = avast! Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Volume Panel" = Volume Panel
"CSCLIB" = Canon Camera Support Core Library
"CurseClient" = Curse Client
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EVEMon" = EVEMon
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"StarCraft II Beta" = StarCraft II Beta
"Steam App 1250" = Killing Floor
"Steam App 13520" = Far Cry
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 240" = Counter-Strike: Source
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 29650" = Aion: Collector's Edition
"Steam App 40140" = Supreme Commander 2 Demo
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 8510" = EVE Online Demo
"Steam App 8980" = Borderlands
"SysInfo" = Creative System Information
"ViewpointMediaPlayer" = Viewpoint Media Player
"WaveStudio 7" = Creative WaveStudio 7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214440339-1659004503-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/17/2009 11:56:51 AM | Computer Name = MACHINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DOCUMENTS AND SETTINGS\DENNIS\MY DOCUMENTS\MY PICTURES\THUMBS.DB failed, 00000005.


Error - 11/6/2009 5:34:05 PM | Computer Name = MACHINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.msappspace.com/proxy/relay.prox...ofile%26friendi
failed, 0000A413.

Error - 11/7/2009 10:14:07 PM | Computer Name = MACHINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://home.myspace.com/Modules/HomeDispla...ingleSuggestion
failed, 0000A413.

Error - 12/23/2009 9:11:03 PM | Computer Name = MACHINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DOCUMENTS AND SETTINGS\DENNIS\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZTSIH6BU\3SLHNONX[1].JS
failed, 00000005.

[ Application Events ]
Error - 1/14/2010 8:22:45 PM | Computer Name = MACHINE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x629148c4.

Error - 1/14/2010 8:22:46 PM | Computer Name = MACHINE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x629148c4.

Error - 1/16/2010 2:30:26 AM | Computer Name = MACHINE | Source = Application Hang | ID = 1002
Description = Hanging application msiexec.exe, version 3.1.4001.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 2:30:27 AM | Computer Name = MACHINE | Source = Application Hang | ID = 1002
Description = Hanging application msiexec.exe, version 3.1.4001.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2010 2:32:34 AM | Computer Name = MACHINE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\~!~IE6.~!~> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 1/16/2010 2:32:34 AM | Computer Name = MACHINE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\~!~IE6.~!~> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 1/16/2010 2:32:34 AM | Computer Name = MACHINE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\~!~IE6.~!~> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 1/16/2010 2:32:34 AM | Computer Name = MACHINE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\~!~IE6.~!~> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 1/16/2010 4:14:43 AM | Computer Name = MACHINE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x629148c4.

Error - 1/16/2010 4:15:15 AM | Computer Name = MACHINE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x629148c4.

[ System Events ]
Error - 5/7/2010 12:47:21 PM | Computer Name = MACHINE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 5/7/2010 12:47:21 PM | Computer Name = MACHINE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 5/7/2010 12:47:21 PM | Computer Name = MACHINE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for G:\DOCUME~1\Dennis\LOCALS~1\Temp\RarSFX0\redist.dll.
Reference
error message: The operation completed successfully. .

Error - 5/7/2010 10:21:52 PM | Computer Name = MACHINE | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{6E1CB18A-4DA7-4C51-BB20-DA404CC03130}. The
backup browser is stopping.

Error - 5/8/2010 10:42:47 PM | Computer Name = MACHINE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
WARREN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6E1CB18A-4DA7-4C51-BB.
The
master browser is stopping or an election is being forced.

Error - 5/10/2010 10:33:21 PM | Computer Name = MACHINE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/10/2010 10:33:21 PM | Computer Name = MACHINE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/10/2010 10:33:21 PM | Computer Name = MACHINE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/10/2010 10:33:21 PM | Computer Name = MACHINE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 5/10/2010 10:34:16 PM | Computer Name = MACHINE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
WARREN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6E1CB18A-4DA7-4C51-BB.
The
master browser is stopping or an election is being forced.


< End of report >


============
============


OTL.txt Report:

OTL logfile created on: 5/11/2010 9:06:02 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = G:\Documents and Settings\Dennis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 298.09 Gb Total Space | 168.47 Gb Free Space | 56.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 139.73 Gb Total Space | 43.43 Gb Free Space | 31.08% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 407.87 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MACHINE
Current User Name: Dennis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/11 09:05:35 | 000,570,880 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\Dennis\Desktop\OTL.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- G:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- G:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- G:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/22 11:46:10 | 000,390,824 | ---- | M] (Avira GmbH) -- g:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- G:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/24 16:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- G:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- G:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- G:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/08/26 21:00:33 | 000,039,408 | ---- | M] (Google Inc.) -- G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/08/26 21:00:32 | 000,122,368 | ---- | M] (Google Inc.) -- G:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/07/09 13:07:14 | 000,049,968 | ---- | M] (AOL LLC) -- G:\Program Files\AIM6\aim6.exe
PRC - [2009/06/04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- G:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/06/04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- G:\WINDOWS\system32\CTxfispi.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- G:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/12/18 12:05:40 | 000,457,248 | ---- | M] () -- G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/12/18 12:05:40 | 000,191,008 | ---- | M] () -- G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- G:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/06 10:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- G:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/08/18 19:01:52 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- G:\WINDOWS\system32\nvraidservice.exe
PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- G:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\explorer.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- G:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- G:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/17 17:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- G:\Program Files\Creative\Shared Files\CTSched.exe
PRC - [2006/05/23 21:20:41 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- G:\WINDOWS\CTHELPER.EXE
PRC - [2005/12/12 09:36:36 | 000,143,360 | ---- | M] (Creative Technology Ltd) -- G:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe


========== Modules (SafeList) ==========

MOD - [2010/05/11 09:05:35 | 000,570,880 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\Dennis\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/23 21:20:39 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- G:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/04/17 10:53:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- G:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- G:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- G:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- G:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/26 19:25:38 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- G:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- G:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/12/18 12:05:40 | 000,457,248 | ---- | M] () [Auto | Running] -- G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/12/18 12:05:40 | 000,191,008 | ---- | M] () [Auto | Running] -- G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- G:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- G:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- G:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2010/04/17 10:55:24 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- G:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- G:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- G:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- G:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- G:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/15 03:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- G:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 03:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- G:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 03:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- G:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/07/26 19:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- G:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- G:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- G:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- G:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- G:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- G:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- G:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- G:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- G:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- G:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/12 16:59:08 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- G:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2008/11/12 16:59:06 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- G:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/10/09 19:40:34 | 000,217,128 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- G:\WINDOWS\system32\DRIVERS\Si3132r5.sys -- (Si3132r5)
DRV - [2008/10/09 19:40:34 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- G:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008/10/09 19:40:34 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- G:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2008/08/01 10:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 10:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- G:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- G:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- G:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/05/01 02:27:00 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- G:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2004/08/12 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214440339-1659004503-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1214440339-1659004503-839522115-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1214440339-1659004503-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2010/05/08 19:42:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2010/05/08 19:42:22 | 000,000,000 | ---D | M]

[2010/01/23 19:59:03 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Dennis\Application Data\Mozilla\Extensions
[2010/05/10 22:09:44 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\eiy2gybv.default\extensions
[2010/01/23 20:16:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- G:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\eiy2gybv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/17 10:55:30 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\eiy2gybv.default\extensions\DTToolbar@toolbarnet.com
[2010/05/10 22:09:44 | 000,000,000 | ---D | M] -- G:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/08 00:18:34 | 000,393,062 | R--- | M]) - G:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13576 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - G:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - G:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - G:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - G:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - G:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AudioDrvEmulator] G:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast!] G:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [avgnt] G:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] G:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] G:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Google Quick Search Box] G:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] G:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NvCplDaemon] G:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] G:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] G:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] G:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [UpdReg] G:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] G:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [\\WARREN\EPSON WorkForce 600 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [Aim6] G:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [Auto EPSON WorkForce 600 Series on WARREN] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [Creative MediaSource Go] G:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [CreativeTaskScheduler] G:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [CurseClient] G:\Program Files\Curse\CurseClient.exe ()
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [DAEMON Tools Lite] G:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [Messenger (Yahoo!)] G:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [NCsoft Launcher] G:\program files\ncsoft\launcher\NCLauncher.exe (NCSoft)
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [NVIDIA nTune] G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [Steam] g:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = G:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: G:\Documents and Settings\Dennis\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: G:\Documents and Settings\Dennis\Start Menu\Programs\Startup\MagicDisc.lnk = G:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1659004503-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - G:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - G:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.192.61
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - G:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: G:\Documents and Settings\Dennis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: G:\Documents and Settings\Dennis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - G:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection G:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection G:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - G:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - G:\WINDOWS\system32\Rundll32.exe G:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - G:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - G:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - G:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "G:\WINDOWS\system32\rundll32.exe" "G:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - G:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - G:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - G:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - G:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - G:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - G:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - G:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - G:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - G:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - G:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - G:\WINDOWS\System32\ir50_32.dll ()
Drivers32: VIDC.MP42 - G:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - G:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.yv12 - G:\WINDOWS\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - G:\WINDOWS\system32\ias [2009/08/26 10:37:35 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - G:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/11 09:05:29 | 000,570,880 | ---- | C] (OldTimer Tools) -- G:\Documents and Settings\Dennis\Desktop\OTL.exe
[2010/05/07 19:08:08 | 000,000,000 | ---D | C] -- G:\Program Files\Spybot - Search & Destroy
[2010/05/07 19:08:08 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/07 13:08:25 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Dennis\Application Data\Malwarebytes
[2010/05/07 13:08:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/07 13:08:17 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/07 13:08:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbam.sys
[2010/05/07 13:08:16 | 000,000,000 | ---D | C] -- G:\Program Files\Malwarebytes' Anti-Malware
[2010/05/07 13:05:15 | 000,000,000 | ---D | C] -- G:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/07 09:52:30 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Dennis\Application Data\Avira
[2010/05/07 09:51:47 | 000,000,000 | ---D | C] -- G:\WINDOWS\System32\NtmsData
[2010/05/07 09:49:17 | 000,028,520 | ---- | C] (Avira GmbH) -- G:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/05/07 09:49:15 | 000,124,784 | ---- | C] (Avira GmbH) -- G:\WINDOWS\System32\drivers\avipbb.sys
[2010/05/07 09:49:15 | 000,060,936 | ---- | C] (Avira GmbH) -- G:\WINDOWS\System32\drivers\avgntflt.sys
[2010/05/07 09:49:15 | 000,045,416 | ---- | C] (Avira GmbH) -- G:\WINDOWS\System32\drivers\avgntdd.sys
[2010/05/07 09:49:15 | 000,022,360 | ---- | C] (Avira GmbH) -- G:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/05/07 09:49:14 | 000,000,000 | ---D | C] -- G:\Program Files\Avira
[2010/05/07 09:49:14 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Avira
[2010/05/07 09:42:52 | 000,000,000 | ---D | C] -- G:\Program Files\Trend Micro
[2010/04/30 23:29:08 | 000,000,000 | ---D | C] -- G:\Program Files\StarCraft II Beta
[2010/04/30 23:03:55 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Dennis\My Documents\StarCraft II Beta
[2010/04/30 09:11:29 | 000,000,000 | ---D | C] -- G:\Program Files\FamilySearch
[2010/04/17 12:43:02 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Dennis\Desktop\00
[2010/04/17 11:12:03 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- G:\WINDOWS\System32\drivers\mcdbus.sys
[2010/04/17 11:12:02 | 000,000,000 | ---D | C] -- G:\Program Files\MagicDisc
[2010/04/17 10:55:19 | 000,000,000 | ---D | C] -- G:\Program Files\DAEMON Tools Lite
[2010/04/17 10:53:22 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Macrovision Shared
[2010/04/17 10:52:58 | 000,000,000 | ---D | C] -- G:\Program Files\Rosetta Stone
[2010/04/17 10:52:58 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/04/17 07:24:45 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Dennis\Application Data\BitTorrent
[2006/05/23 21:38:39 | 000,060,928 | ---- | C] ( ) -- G:\WINDOWS\System32\a3d.dll
[6 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
[1 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/11 09:05:35 | 000,570,880 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\Dennis\Desktop\OTL.exe
[2010/05/11 08:46:19 | 000,249,324 | ---- | M] () -- G:\WINDOWS\System32\NvApps.xml
[2010/05/11 08:46:08 | 000,000,882 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/11 08:45:57 | 000,000,006 | -H-- | M] () -- G:\WINDOWS\tasks\SA.DAT
[2010/05/11 08:45:53 | 000,002,048 | --S- | M] () -- G:\WINDOWS\bootstat.dat
[2010/05/11 02:41:43 | 009,437,184 | -H-- | M] () -- G:\Documents and Settings\Dennis\NTUSER.DAT
[2010/05/11 02:41:43 | 000,054,400 | ---- | M] () -- G:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000005-00311102}.rfx
[2010/05/11 02:41:43 | 000,054,400 | ---- | M] () -- G:\WINDOWS\System32\BMXState-{00000002-00000000-00000007-00001102-00000005-00311102}.rfx
[2010/05/11 02:41:43 | 000,000,788 | ---- | M] () -- G:\WINDOWS\System32\DVCState-{00000002-00000000-00000007-00001102-00000005-00311102}.rfx
[2010/05/11 02:41:21 | 000,000,178 | -HS- | M] () -- G:\Documents and Settings\Dennis\ntuser.ini
[2010/05/11 02:15:00 | 000,000,886 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/08 23:19:58 | 000,176,128 | ---- | M] () -- G:\Documents and Settings\Dennis\Desktop\Gilana Reeves 10 April 2010.paf
[2010/05/08 15:50:31 | 000,013,646 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2010/05/08 12:38:45 | 000,000,813 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
[2010/05/08 00:18:34 | 000,393,062 | R--- | M] () -- G:\WINDOWS\System32\drivers\etc\hosts
[2010/05/07 19:08:13 | 000,000,933 | ---- | M] () -- G:\Documents and Settings\Dennis\Desktop\Spybot - Search & Destroy.lnk
[2010/05/07 13:36:43 | 000,001,986 | ---- | M] () -- G:\Documents and Settings\Dennis\Desktop\HiJackThis.lnk
[2010/05/07 13:08:21 | 000,000,696 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/07 09:49:25 | 000,001,707 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/05/05 17:47:21 | 000,000,664 | ---- | M] () -- G:\WINDOWS\System32\d3d9caps.dat
[2010/05/04 17:13:01 | 000,000,284 | ---- | M] () -- G:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/03 11:35:42 | 000,091,621 | ---- | M] () -- G:\Documents and Settings\Dennis\Desktop\weight_management.pdf
[2010/05/01 19:45:16 | 000,023,901 | ---- | M] () -- G:\Documents and Settings\Dennis\My Documents\Gilana Reeves 10 April 2010.zip
[2010/04/30 09:11:29 | 000,001,655 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\PAF 5.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 07:35:39 | 000,002,159 | ---- | M] () -- G:\Documents and Settings\Dennis\Desktop\Steam.lnk
[2010/04/29 07:32:22 | 000,000,664 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/04/28 13:15:50 | 000,001,813 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/04/20 11:58:06 | 000,026,624 | ---- | M] () -- G:\Documents and Settings\Dennis\My Documents\Sociology 10 midterm.doc
[2010/04/17 11:12:10 | 000,000,652 | ---- | M] () -- G:\Documents and Settings\Dennis\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/04/17 11:12:10 | 000,000,640 | ---- | M] () -- G:\Documents and Settings\Dennis\Desktop\MagicDisc.lnk
[2010/04/17 10:55:24 | 000,691,696 | ---- | M] () -- G:\WINDOWS\System32\drivers\sptd.sys
[2010/04/17 10:55:24 | 000,001,613 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/04/16 12:17:06 | 000,000,000 | ---- | M] () -- G:\Documents and Settings\Dennis\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/04/16 12:16:57 | 000,000,312 | ---- | M] () -- G:\Documents and Settings\Dennis\Desktop\Curse Client.appref-ms
[2010/04/15 07:48:59 | 000,001,729 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 03:02:27 | 000,001,374 | ---- | M] () -- G:\WINDOWS\imsins.BAK
[2010/04/13 10:17:15 | 000,001,915 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[6 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
[1 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/07 19:08:13 | 000,000,933 | ---- | C] () -- G:\Documents and Settings\Dennis\Desktop\Spybot - Search & Destroy.lnk
[2010/05/07 13:08:21 | 000,000,696 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/07 09:49:25 | 000,001,707 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/05/07 09:42:52 | 000,001,986 | ---- | C] () -- G:\Documents and Settings\Dennis\Desktop\HiJackThis.lnk
[2010/05/03 11:35:42 | 000,091,621 | ---- | C] () -- G:\Documents and Settings\Dennis\Desktop\weight_management.pdf
[2010/05/01 19:45:16 | 000,023,901 | ---- | C] () -- G:\Documents and Settings\Dennis\My Documents\Gilana Reeves 10 April 2010.zip
[2010/05/01 19:43:27 | 000,176,128 | ---- | C] () -- G:\Documents and Settings\Dennis\Desktop\Gilana Reeves 10 April 2010.paf
[2010/04/30 23:03:55 | 000,000,813 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
[2010/04/30 09:11:29 | 000,001,655 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\PAF 5.lnk
[2010/04/20 09:12:31 | 000,026,624 | ---- | C] () -- G:\Documents and Settings\Dennis\My Documents\Sociology 10 midterm.doc
[2010/04/17 11:12:10 | 000,000,652 | ---- | C] () -- G:\Documents and Settings\Dennis\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/04/17 11:12:10 | 000,000,640 | ---- | C] () -- G:\Documents and Settings\Dennis\Desktop\MagicDisc.lnk
[2010/04/17 10:55:24 | 000,001,613 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/04/16 23:45:18 | 000,443,048 | ---- | C] () -- G:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/16 12:17:06 | 000,000,000 | ---- | C] () -- G:\Documents and Settings\Dennis\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/04/13 10:17:15 | 000,001,915 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/10/09 11:59:11 | 000,000,376 | ---- | C] () -- G:\WINDOWS\ODBC.INI
[2009/10/09 11:35:41 | 000,691,696 | ---- | C] () -- G:\WINDOWS\System32\drivers\sptd.sys
[2009/08/26 21:46:43 | 000,000,262 | ---- | C] () -- G:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/26 18:26:00 | 000,026,564 | ---- | C] () -- G:\WINDOWS\Ascd_tmp.ini
[2009/08/26 15:58:01 | 000,000,962 | R--- | C] () -- G:\WINDOWS\System32\AsusSetup.ini
[2009/08/26 15:58:01 | 000,000,401 | R--- | C] () -- G:\WINDOWS\System32\raidmgmt.ini
[2009/08/26 15:56:05 | 000,026,057 | ---- | C] () -- G:\WINDOWS\Ascd_log.ini
[2009/08/26 15:55:39 | 000,005,810 | R--- | C] () -- G:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/26 15:55:27 | 000,010,288 | ---- | C] () -- G:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- G:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelFrench.dll
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- G:\WINDOWS\System32\instwdm.ini
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- G:\WINDOWS\System32\ctzapxx.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- G:\WINDOWS\System32\CtxfiRes.dll
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- G:\WINDOWS\CTXFIRES.DLL
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- G:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- G:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- G:\WINDOWS\System32\gthrctr.ini
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- G:\WINDOWS\NVGfxOgl.dll
[2006/05/23 22:00:48 | 000,037,888 | ---- | C] () -- G:\WINDOWS\System32\CTBURST.DLL
[2006/02/28 05:00:00 | 000,755,200 | ---- | C] () -- G:\WINDOWS\System32\ir50_32.dll
[2006/02/28 05:00:00 | 000,338,432 | ---- | C] () -- G:\WINDOWS\System32\ir41_qcx.dll
[2006/02/28 05:00:00 | 000,200,192 | ---- | C] () -- G:\WINDOWS\System32\ir50_qc.dll
[2006/02/28 05:00:00 | 000,183,808 | ---- | C] () -- G:\WINDOWS\System32\ir50_qcx.dll
[2006/02/28 05:00:00 | 000,120,320 | ---- | C] () -- G:\WINDOWS\System32\ir41_qc.dll
[2005/07/26 14:13:12 | 000,000,285 | ---- | C] () -- G:\WINDOWS\System32\kill.ini
[2005/06/07 06:10:50 | 000,070,656 | ---- | C] () -- G:\WINDOWS\System32\CTMMACTL.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/08/26 19:44:23 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/08/26 19:44:23 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- G:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- G:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/08/26 19:44:23 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/08/26 19:44:23 | 023,852,652 | ---- | M] () .cab file -- G:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- G:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- G:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- G:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- G:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- G:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- G:\WINDOWS\system32\eventlog.dll
[2006/02/28 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- G:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- G:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- G:\WINDOWS\system32\netlogon.dll
[2006/02/28 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- G:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/05/01 02:27:00 | 000,100,736 | R--- | M] (NVIDIA Corporation) MD5=49628180ADB2E043CE017D85014BB751 -- G:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVGTS.SYS >
[2008/11/12 16:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=75E2E77C5497F34E60491D27BF03F1CB -- G:\NVIDIA\nForceWinXPInt\15.25\IDE\WinXP\sata_ide\nvgts.sys
[2008/11/12 16:59:06 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EB82606FCD8C5D039ADA33BD46FE7F8 -- G:\NVIDIA\nForceWinXPInt\15.25\IDE\WinXP\sataraid\nvgts.sys
[2008/11/12 16:59:06 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EB82606FCD8C5D039ADA33BD46FE7F8 -- G:\WINDOWS\system32\drivers\nvgts.sys
[2008/11/12 16:59:06 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EB82606FCD8C5D039ADA33BD46FE7F8 -- G:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\nvgts.sys
[2008/11/12 16:59:06 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EB82606FCD8C5D039ADA33BD46FE7F8 -- G:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\nvgts.sys

< MD5 for: NVRD32.SYS >
[2008/11/12 16:59:08 | 000,133,152 | ---- | M] (NVIDIA Corporation) MD5=6B1B4E25277A99A6B515CF124D6060E0 -- G:\NVIDIA\nForceWinXPInt\15.25\IDE\WinXP\sataraid\nvrd32.sys
[2008/11/12 16:59:08 | 000,133,152 | ---- | M] (NVIDIA Corporation) MD5=6B1B4E25277A99A6B515CF124D6060E0 -- G:\WINDOWS\system32\drivers\nvrd32.sys

< MD5 for: SCECLI.DLL >
[2006/02/28 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- G:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- G:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- G:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\WINDOWS\system32\dxtrans.dll
[1 G:\WINDOWS\system32\*.tmp files -> G:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/04/17 10:55:24 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- G:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009/08/26 10:41:00 | 000,094,208 | ---- | M] () -- G:\WINDOWS\system32\config\default.sav
[2009/08/26 10:41:00 | 000,634,880 | ---- | M] () -- G:\WINDOWS\system32\config\software.sav
[2009/08/26 10:41:00 | 000,913,408 | ---- | M] () -- G:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- G:\WINDOWS\system32\drivers\avgntflt.sys
[2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- G:\WINDOWS\system32\drivers\avipbb.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/04/17 10:55:24 | 000,691,696 | ---- | M] () -- G:\WINDOWS\system32\drivers\sptd.sys
[2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >
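The "< MD5 for: ... >" custom scans in the log above let a helper compare each system file's in-use copy against the Service Pack reference copy: a driver such as atapi.sys whose hash in system32\drivers no longer matches ServicePackFiles\i386 is the classic sign of a patched system file. The following Python, added here as an example and not part of the original thread or of OTL itself, parses lines in that format and flags any in-use copy whose hash differs from its reference or could not be hashed; the sample input is constructed from the lines above, with one netlogon.dll hash altered to demonstrate a mismatch.

```python
"""Flag OTL 'MD5 for:' entries whose in-use copy differs from the reference."""
import re
from collections import defaultdict

# Constructed sample in OTL custom-scan format.  The atapi.sys and sptd.sys
# lines mirror the log above; the system32 netlogon.dll hash has been
# replaced with zeros purely to demonstrate a mismatch.
SAMPLE_OTL = r"""
< MD5 for: ATAPI.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- G:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- G:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- G:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- G:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- G:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- G:\WINDOWS\system32\netlogon.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/04/17 10:55:24 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- G:\WINDOWS\system32\drivers\sptd.sys
"""

# One OTL file line: [stamp | size | attrs | M] (vendor) <hash info> -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\| (?P<size>[\d,]+) \|[^\]]*\] "
    r"\((?P<vendor>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|(?P<unhashed>Unable to obtain MD5)|(?P<cab>\.cab file))"
    r" -- (?P<path>.+)$"
)


def parse_entries(log_text):
    """Group every hashed (or unhashable) file line by its lower-cased basename."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group("cab"):
            continue  # headers, blanks and .cab container entries carry no hash
        path = m.group("path").strip()
        name = path.rsplit("\\", 1)[-1].lower()
        groups[name].append({
            "path": path,
            "md5": (m.group("md5") or "").upper() or None,
            "unhashed": bool(m.group("unhashed")),
        })
    return groups


def is_reference(path):
    """The Service Pack copy is the trusted baseline OTL lists for each file."""
    return "\\servicepackfiles\\i386\\" in path.lower()


def is_in_use(path):
    """The live copy under system32, excluding backup and uninstall folders."""
    p = path.lower()
    return ("\\system32\\" in p
            and "\\reinstallbackups\\" not in p
            and "$ntservicepackuninstall$" not in p)


def assess(log_text):
    """Return {basename: verdict} for every file that has an in-use copy.

    unhashed     - OTL could not read the live file (locked; not malicious by
                   itself: sptd.sys here belongs to DAEMON Tools per the GMER log)
    no_reference - no Service Pack copy to compare against (third-party driver)
    ok           - live hash matches a reference hash
    mismatch     - live hash differs from every reference hash: investigate
    """
    verdicts = {}
    for name, entries in parse_entries(log_text).items():
        in_use = [e for e in entries if is_in_use(e["path"])]
        refs = {e["md5"] for e in entries if is_reference(e["path"]) and e["md5"]}
        if not in_use:
            continue
        if any(e["unhashed"] for e in in_use):
            verdicts[name] = "unhashed"
        elif not refs:
            verdicts[name] = "no_reference"
        elif all(e["md5"] in refs for e in in_use):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "mismatch"
    return verdicts


if __name__ == "__main__":
    for name, verdict in sorted(assess(SAMPLE_OTL).items()):
        print(f"{name:16s} {verdict}")
```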


#4 crusherdbuzz

crusherdbuzz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 11 May 2010 - 11:24 AM

Problem I am having: I had a trojan or some sort of keylogger get on my system. I am still unsure how it got on, but I am thinking it was a program I use for user interface modifications in World of Warcraft or through a website I visited through Internet Explorer. I have still been unable to find any keylogger or trojan on my system. I lost my account last Friday and I am waiting to get it back from the support staff at Blizzard.

So far I have downloaded and run:

Malwarebytes
Spybot search and destroy
Antivir by Avira
Highjackthis (the log I posted here)
Avast antivirus (my normal antivirus and I added Antivir)

I will not be doing any additional scans or adding programs unless it is what you guys say to do in your reply to my original post!

I haven't found anything significant. I hope you guys can help me resolve this problem. I have heard of these keyloggers or trojans that steal these accounts to delete themselves after they are done.

I want this resolved to make sure my account is not still compromised when I get it back. I will be getting the Blizzard Authenticator for an extra line of security and I should receive that in the mail any day now.

My hat is off to you guys for the service you provide, and you have my utmost respect and thanks.

Kindest Regards,
Dennis

#5 crusherdbuzz

crusherdbuzz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 11 May 2010 - 11:47 AM

My antivir scanner keeps picking up this:

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'G:\WINDOWS\Temp\_avast4_\unp3495050.tmp'.
Action performed: Allow access

It gets this several times with different unpXXXXXX.tmp files.

Is this it?

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:37 AM

Posted 11 May 2010 - 02:58 PM

Hi,

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Antivir or Avast.

What Avira is detecting is the update file from Avast, this is a classic False Alarm, as mentioned above.

Please run a scan with gmer next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 crusherdbuzz

crusherdbuzz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 12 May 2010 - 01:15 PM

I tried running GMER in regular Windows as you described 3 times, but at the end it kept freezing, so I went to safe mode and ran it there. Here is the file. Oh, and I uninstalled Avira and only run Avast now.


gmer.log file:



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-12 11:06:41
Windows 5.1.2600 Service Pack 3
Running: 63z4f354.exe; Driver: G:\DOCUME~1\Dennis\LOCALS~1\Temp\pxldypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x35 0xD6 0x84 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 G:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0x6B 0xEB 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x04 0xE0 0x83 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC8 0x0B 0x31 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x35 0xD6 0x84 0xBE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 G:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0x6B 0xEB 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x04 0xE0 0x83 0x73 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC8 0x0B 0x31 0x5D ...

---- EOF - GMER 1.0.15 ----


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:37 AM

Posted 12 May 2010 - 02:49 PM

Hi,

so far everything is looking clean. Are you sure that your PC has been infected? Did you ever access your account from a different PC? Could it be that you had a weak password and they guessed it right?

regards myrti



#9 crusherdbuzz

crusherdbuzz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 12 May 2010 - 03:40 PM

Good to hear that my PC is clean so far. It could be that they guessed the password. The password itself was all lower case with numbers on the end. I will be sure to use more symbols and capital letters from now on. Is there anything else I need to check or do before this PC is deemed clean? Thank you again for your help.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:37 AM

Posted 12 May 2010 - 05:47 PM

Hi,

yes I'd like you to run a scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

As well as a scan with Eset:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti



#11 crusherdbuzz

crusherdbuzz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 12 May 2010 - 10:59 PM

ESET did find two things, but in talking to my brother they are things he downloaded and to me don't appear to be a threat, but I'm not the expert. I ran both programs and the logs are as follows:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4094

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/12/2010 4:04:21 PM
mbam-log-2010-05-12 (16-04-21).txt

Scan type: Quick scan
Objects scanned: 131233
Time elapsed: 7 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


=======================
=======================
=======================
=======================

ESET

C:\Warren's Back-up Games\Gmod10.rar probably a variant of Win32/Hupigon trojan deleted - quarantined
C:\Warren's Back-up Games\NWN2 Patches\NWN2 NoCD Crack for v1.21\nwn2main.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined



Thanks again!

Regards,
Dennis

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:37 AM

Posted 13 May 2010 - 01:07 PM

Hi,

You might want to talk to your brother about this, the practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

QUOTE
Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

http://www.trendmicro.com/vinfo/grayware/v...=CRCK_KEYGEN.BB

QUOTE
...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

http://blog.trendmicro.com/crack-sites-dis...rux-and-fakeav/


When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


Please also update your software:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Let me know if you run into any problems.

regards myrti



#13 crusherdbuzz

crusherdbuzz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 13 May 2010 - 02:58 PM

I updated java as your instructions said to. I will be having a long drawn out talk to my brother about this. The drive that this was found in is my RAIDED mirror drive that I use for backing up pictures / school work / etc, and was unaware of his doings.

Thank you again for your time! Is there anything else I need to do?

Kindest Regards,
Dennis

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:37 AM

Posted 13 May 2010 - 03:11 PM

Hi,

if everything is running fine, then all that is left to do is to remove the programs we used:
Read those last few lines, in order to keep your pc safe and clean:
Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  2. If OTC failed to remove all programs from your Desktop, please delete the rest manually.
  3. Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore computer to any earlier than today!

Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software Inspector occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Have a nice day
myrti



#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:37 AM

Posted 19 May 2010 - 02:24 PM

Since the issue is resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





