Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware that i can't seem to remove


  • Please log in to reply
9 replies to this topic

#1 jammy_b

jammy_b

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 23 May 2010 - 06:17 AM

Hi,
I have a problem with a malicious executable called bpbdmrg.exe, which seems to be present in several parts of my system. I know what the problem is, and how to remove it, but every time i try and close the .exe (either through the task manager, or through the several scanners and antivirus programs i have used) as soon as the process is killed the computer bluescreens giving these error messages: 0x000000F4 (0x00000003, 0x89E5E610, 0x89E5E78).
These are the methods i have already tried and been unsuccessful with:
Avast Antivirus Scan
Avast Antivirus Boot-Time Scan
Spybot S&D
Combofix
HijackThis
UnHackMe
Malwarebytes

The virus also boots in safe mode, so trying that doesnt seem to work either. As far as i can tell, the virus has overridden windows defender and turned off windows update, has disabled system restore, and every time i try to shut my computer down i receive 2 error messages: The application failed to initialize properly (0xc000142). Click on OK to terminate the application, yet it shuts down normally at the next attempt.
Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:54, on 23/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Alwil Software\Avast5\AvastSvc.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\WINDOWS\system32\PnkBstrA.exe
G:\WINDOWS\system32\PnkBstrB.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
G:\WINDOWS\system32\SearchIndexer.exe
G:\WINDOWS\system32\wscntfy.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
G:\WINDOWS\system32\bpbdmrg.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\RunDll32.exe
G:\Program Files\Razer\DeathAdder\razerhid.exe
G:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
G:\Program Files\Razer\DeathAdder\razertra.exe
G:\Program Files\Common Files\Java\Java Update\jusched.exe
G:\Program Files\Razer\DeathAdder\razerofa.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Cyberlink\Shared files\brs.exe
G:\Program Files\DivX\DivX Update\DivXUpdate.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\024h Lucky Reminder\LuckyReminder.exe
G:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Xfire\Xfire.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=G:\WINDOWS\system32\bpbdmrg.exe
F2 - REG:system.ini: UserInit=G:\WINDOWS\SYSTEM32\Userinit.exe,G:\WINDOWS\system32\bpbdmrg.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Cm108Sound] RunDll32 cm108.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DeathAdder] G:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] G:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDRegion] G:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [DivXUpdate] "G:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [WindowsDefender] G:\WINDOWS\system32\bpbdmrg.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackgroundSwitcher] "G:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
O4 - HKCU\..\Run: [024h Lucky Reminder] "G:\Program Files\024h Lucky Reminder\LuckyReminder.exe" /m
O4 - HKCU\..\Run: [Com32] G:\WINDOWS\system32\bpbdmrg.exe
O4 - HKCU\..\RunServicesOnce: [LogServ] G:\WINDOWS\system32\bpbdmrg.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Windows Search.lnk = G:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1250627791593
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - G:\ComboFix\PEV.cfxxe
O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - G:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8632 bytes

Any help would be greatly appreciated.
Thanks

EDIT: Moved from XP to more appropriate Malware Removal Logs forum ~ Hamluis.

Edited by hamluis, 23 May 2010 - 08:01 AM.


BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:55 PM

Posted 23 May 2010 - 09:18 AM

Hello jammy_b

Welcome to BleepingComputer smile.gif
==========================
  • Download OTL to your desktop.
  • Double click OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Download the following GMER Rootkit Scanner from Here
  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
  • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 jammy_b

jammy_b
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 23 May 2010 - 01:35 PM

OTL.txt:
OTL logfile created on: 23/05/2010 18:20:51 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = G:\Documents and Settings\James\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 148.96 Gb Total Space | 28.77 Gb Free Space | 19.31% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 32.87 Gb Free Space | 22.06% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465.75 Gb Total Space | 225.24 Gb Free Space | 48.36% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES-EYWW20JM1
Current User Name: James
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - G:\Documents and Settings\James\Desktop\OTL.exe (OldTimer Tools)
PRC - G:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
PRC - C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
PRC - G:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - G:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - G:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - G:\Program Files\Razer\DeathAdder\razerhid.exe ()
PRC - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - G:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - G:\Program Files\Razer\DeathAdder\razerofa.exe (Razer Inc.)
PRC - G:\Program Files\Razer\DeathAdder\razertra.exe ()
PRC - G:\WINDOWS\system32\bpbdmrg.exe ()


========== Modules (SafeList) ==========

MOD - G:\Documents and Settings\James\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Xfire\xfire_toucan_42628.dll (Xfire Inc.)
MOD - G:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - G:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - G:\WINDOWS\system32\MSVCR71.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- File not found
SRV - (avast! Web Scanner) -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (Apple Mobile Device) -- G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (wlidsvc) -- G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (PnkBstrK) -- G:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (RegGuard) -- G:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (aswTdi) -- G:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- G:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- G:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- G:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- G:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- G:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (Partizan) -- G:\WINDOWS\system32\drivers\Partizan.sys (Greatis Software)
DRV - (nv) -- G:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sptd) -- G:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- G:\Program Files\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (USBPNPA) -- G:\WINDOWS\system32\drivers\CM108.sys (C-Media Electronics Inc)
DRV - (nvnetbus) -- G:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- G:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (USB_RNDIS) -- G:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- G:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- G:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (SiFilter) -- G:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc)
DRV - (SiRemFil) -- G:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc)
DRV - (SI3132) -- G:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc)
DRV - (DAdderFltr) -- G:\WINDOWS\system32\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (rt2870) -- G:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (speedfan) -- G:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (CyUsb) -- G:\WINDOWS\system32\drivers\CYUSB.sys (Cypress Semiconductor)
DRV - (giveio) -- G:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = G:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = G:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - G:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/|http://www.youtube.com/|http://mail.live.com/default.aspx?wa=wsignin1.0|http://clanbase.ggl.com/news.php|http://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: mgDownloadHelper@yevgenyandrov.net:1.0.2
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/08/17 19:54:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: g:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/05 11:17:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: G:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/28 12:39:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2010/05/01 18:38:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2010/04/28 12:40:00 | 000,000,000 | ---D | M]

[2009/08/16 18:48:36 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2009/08/16 18:48:36 | 000,000,000 | ---D | M] (No name found) -- G:\Documents and Settings\James\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/05/23 11:24:45 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions
[2009/12/26 18:41:36 | 000,000,000 | ---D | M] (ChatZilla) -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/04/18 12:03:26 | 000,000,000 | ---D | M] (DownloadHelper) -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/14 16:38:55 | 000,000,000 | ---D | M] (Flash and Video Download) -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010/05/03 17:15:56 | 000,000,000 | ---D | M] (Adblock Plus) -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/24 14:10:46 | 000,000,000 | ---D | M] (FoxTab) -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/12/31 13:44:01 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\bejeweledblitz3cheat@thecybershadow(2).net
[2010/01/14 13:18:17 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\bejeweledblitz3cheat@thecybershadow.net
[2009/08/18 17:05:51 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\ChoiceGuard@Microsoft
[2009/12/30 14:45:45 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\lazarus@interclue.com
[2010/05/14 16:38:55 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\mgDownloadHelper@yevgenyandrov.net
[2010/03/21 12:59:17 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\SkipScreen@SkipScreen
[2010/04/18 12:03:26 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\tabscope@xuldev.org
[2010/05/23 18:17:12 | 000,000,000 | ---D | M] -- G:\Program Files\Mozilla Firefox\extensions
[2010/04/04 16:42:47 | 000,000,000 | ---D | M] (Default) -- G:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/27 19:04:02 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- G:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/08/17 21:30:36 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/18 13:22:53 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/04/28 12:40:02 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/04 16:42:41 | 000,023,000 | ---- | M] (Mozilla Foundation) -- G:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/04 16:42:41 | 000,138,712 | ---- | M] (Mozilla Foundation) -- G:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/04/28 12:39:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/05/18 23:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- G:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/04/04 16:42:42 | 000,064,984 | ---- | M] (mozilla.org) -- G:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/04/04 00:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- G:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/08/17 19:54:29 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- G:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/04/15 14:17:28 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/04/15 14:17:28 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/04/15 14:17:29 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/04/15 14:17:29 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/04/15 14:17:29 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/04/15 14:17:29 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/04/15 14:17:29 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/08/17 19:54:33 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- G:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/08/17 19:54:27 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- G:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/03/26 10:44:32 | 000,001,538 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/26 10:44:32 | 000,002,193 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/03/26 10:44:32 | 000,000,947 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/26 10:44:32 | 000,001,534 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/26 10:44:32 | 000,000,769 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/26 10:44:33 | 000,002,371 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/26 10:44:33 | 000,001,178 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/26 10:44:33 | 000,001,135 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/19 20:05:19 | 000,000,686 | ---- | M]) - G:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - G:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - G:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] G:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] G:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BDRegion] G:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Cm108Sound] File not found
O4 - HKLM..\Run: [DeathAdder] G:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] G:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] G:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] G:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] G:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] G:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] G:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WindowsDefender] G:\WINDOWS\system32\bpbdmrg.exe ()
O4 - HKCU..\Run: [024h Lucky Reminder] G:\Program Files\024h Lucky Reminder\LuckyReminder.exe ()
O4 - HKCU..\Run: [BackgroundSwitcher] G:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKCU..\Run: [Com32] G:\WINDOWS\system32\bpbdmrg.exe ()
O4 - HKCU..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] G:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\RunServicesOnce: [LogServ] G:\WINDOWS\system32\bpbdmrg.exe ()
O4 - Startup: G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = G:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: G:\Documents and Settings\James\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
F3 - HKCU WinNT: Load - (G:\WINDOWS\system32\bpbdmrg.exe) - G:\WINDOWS\system32\bpbdmrg.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - G:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - G:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - G:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1250627791593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://G:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://G:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - G:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - G:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - G:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - G:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - G:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - G:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - G:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - G:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - G:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - G:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - G:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - G:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - G:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - G:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (G:\WINDOWS\SYSTEM32\Userinit.exe) - G:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (G:\WINDOWS\system32\bpbdmrg.exe) - G:\WINDOWS\system32\bpbdmrg.exe ()
O20 - HKLM Winlogon: UIHost - (logonui.exe) - G:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - G:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - G:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - G:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - G:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - G:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - G:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - G:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - G:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - G:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - G:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - G:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - G:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - G:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: G:\Documents and Settings\James\My Documents\My Pictures\i love viki.bmp
O24 - Desktop BackupWallPaper: G:\Documents and Settings\James\My Documents\My Pictures\i love viki.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - G:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - G:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - G:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - G:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - G:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - G:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - G:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - G:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - G:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - G:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - G:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - G:\WINDOWS\System32\Partizan.exe (Greatis Software)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - G:\WINDOWS\system32\ias [2009/08/16 19:01:29 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - G:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 18:19:47 | 000,571,904 | ---- | C] (OldTimer Tools) -- G:\Documents and Settings\James\Desktop\OTL.exe
[2010/05/23 11:21:26 | 000,000,000 | ---D | C] -- G:\Documents and Settings\James\Desktop\N
[2010/05/21 18:20:05 | 000,161,792 | ---- | C] (SteelWerX) -- G:\WINDOWS\SWREG.exe
[2010/05/21 18:20:05 | 000,031,232 | ---- | C] (NirSoft) -- G:\WINDOWS\NIRCMD.exe
[2010/05/21 18:20:04 | 000,212,480 | ---- | C] (SteelWerX) -- G:\WINDOWS\SWXCACLS.exe
[2010/05/21 18:20:04 | 000,136,704 | ---- | C] (SteelWerX) -- G:\WINDOWS\SWSC.exe
[2010/05/21 18:18:01 | 000,000,000 | --SD | C] -- G:\ComboFix
[2010/05/21 18:16:12 | 000,000,000 | ---D | C] -- G:\WINDOWS\ERDNT
[2010/05/21 18:16:11 | 000,389,120 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\CF26310.exe
[2010/05/21 18:16:10 | 000,000,000 | ---D | C] -- G:\Qoobox
[2010/05/21 17:51:26 | 000,000,000 | ---D | C] -- G:\Program Files\RegScrubXP
[2010/05/19 19:21:23 | 000,578,560 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\user32.dll
[2010/05/19 19:19:38 | 000,000,000 | ---D | C] -- G:\WINDOWS\ERUNT
[2010/05/19 19:11:53 | 000,000,000 | ---D | C] -- G:\SDFix
[2010/05/19 15:48:30 | 000,000,000 | ---D | C] -- G:\Program Files\Trend Micro
[2010/05/19 11:00:53 | 000,000,000 | -HSD | C] -- G:\Documents and Settings\James\PrivacIE
[2010/05/18 21:25:12 | 000,000,000 | ---D | C] -- G:\Documents and Settings\James\Application Data\Windows Search
[2010/05/14 16:21:09 | 002,083,312 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\pxsfs.dll
[2010/05/14 16:21:09 | 000,678,384 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\px.dll
[2010/05/14 16:21:09 | 000,559,600 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\pxdrv.dll
[2010/05/14 16:21:09 | 000,440,816 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\pxwave.dll
[2010/05/14 16:21:09 | 000,219,632 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\pxmas.dll
[2010/05/14 16:21:09 | 000,133,616 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\pxafs.dll
[2010/05/14 16:21:09 | 000,100,848 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\vxblock.dll
[2010/05/14 16:21:09 | 000,009,200 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/05/14 16:21:09 | 000,009,072 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/05/14 09:52:45 | 000,000,000 | ---D | C] -- G:\Program Files\RegCleaner
[2010/05/13 13:55:07 | 000,000,000 | ---D | C] -- G:\Documents and Settings\James\Application Data\vlc
[2010/05/13 13:54:03 | 000,000,000 | ---D | C] -- G:\Program Files\VideoLAN
[2010/05/13 13:17:00 | 000,000,000 | ---D | C] -- G:\Documents and Settings\James\Local Settings\Application Data\Cyberlink
[2010/05/13 12:27:53 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Driving Test Success
[2010/05/13 12:27:53 | 000,000,000 | ---D | C] -- G:\Program Files\Driving Test Success - All Tests (2009-2010)
[2010/05/12 10:31:33 | 000,000,000 | -HSD | C] -- G:\Documents and Settings\James\IETldCache
[2010/05/12 10:17:09 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/05/12 10:16:54 | 000,000,000 | ---D | C] -- G:\Program Files\NVIDIA Corporation
[2010/05/12 10:11:01 | 000,000,000 | ---D | C] -- G:\WINDOWS\ie8updates
[2010/05/12 10:08:54 | 000,000,000 | -H-D | C] -- G:\WINDOWS\ie8
[2010/05/12 10:06:51 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft Silverlight
[2010/05/12 10:06:06 | 000,000,000 | ---D | C] -- G:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/05/12 10:04:55 | 000,000,000 | ---D | C] -- G:\Documents and Settings\James\Local Settings\Application Data\Identities
[2010/05/12 10:04:51 | 000,000,000 | ---D | C] -- G:\Documents and Settings\James\Application Data\Windows Desktop Search
[2010/05/12 10:04:28 | 000,000,000 | ---D | C] -- G:\Program Files\Windows Desktop Search
[2010/05/12 10:04:28 | 000,000,000 | ---D | C] -- G:\WINDOWS\System32\GroupPolicy
[2010/05/12 10:04:13 | 000,192,000 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\offfilt.dll
[2010/05/12 10:04:13 | 000,098,304 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\nlhtml.dll
[2010/05/12 10:04:13 | 000,029,696 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\mimefilt.dll
[2010/05/12 10:03:44 | 000,000,000 | ---D | C] -- G:\WINDOWS\ie7updates
[2010/05/12 10:03:37 | 011,070,976 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\ieframe.dll
[2010/05/12 10:03:37 | 003,698,584 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/05/12 10:03:37 | 001,985,536 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\iertutil.dll
[2010/05/12 10:03:37 | 001,241,088 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/05/12 10:03:37 | 000,594,432 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/05/12 10:03:37 | 000,445,952 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/05/12 10:03:37 | 000,059,904 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\icardie.dll
[2010/05/12 10:03:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/05/12 10:03:37 | 000,013,824 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/05/12 10:03:29 | 000,000,000 | ---D | C] -- G:\WINDOWS\WBEM
[2010/05/12 10:02:17 | 000,000,000 | -H-D | C] -- G:\WINDOWS\ie7
[2010/05/12 10:02:10 | 000,000,000 | -H-D | C] -- G:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/05/12 10:01:58 | 000,000,000 | -H-D | C] -- G:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/05/11 11:56:00 | 000,068,880 | ---- | C] (Belus Technology Inc.) -- G:\WINDOWS\System32\XZip.dll
[2010/05/11 10:25:39 | 000,000,000 | ---D | C] -- G:\Program Files\DExUS
[2010/05/03 12:38:15 | 000,000,000 | ---D | C] -- G:\Program Files\iPod
[2010/05/03 12:35:37 | 000,000,000 | ---D | C] -- G:\Program Files\Bonjour
[2010/04/28 12:41:47 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Java
[2010/04/28 12:40:00 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\deployJava1.dll
[2010/04/28 12:40:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javaws.exe
[2010/04/28 12:40:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javaw.exe
[2010/04/28 12:40:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\java.exe
[2010/04/28 12:40:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javacpl.cpl
[2010/04/26 23:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- G:\WINDOWS\System32\DivXControlPanelApplet.cpl
[6 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
[3 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/23 18:21:33 | 000,293,376 | ---- | M] () -- G:\Documents and Settings\James\Desktop\l378nw29.exe
[2010/05/23 18:19:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- G:\Documents and Settings\James\Desktop\OTL.exe
[2010/05/23 18:16:26 | 000,276,202 | ---- | M] () -- G:\WINDOWS\System32\NvApps.xml
[2010/05/23 18:04:00 | 000,000,006 | -H-- | M] () -- G:\WINDOWS\tasks\SA.DAT
[2010/05/23 18:03:54 | 000,002,048 | --S- | M] () -- G:\WINDOWS\bootstat.dat
[2010/05/23 16:40:58 | 012,058,624 | ---- | M] () -- G:\Documents and Settings\James\ntuser.dat
[2010/05/23 16:40:58 | 000,000,178 | -HS- | M] () -- G:\Documents and Settings\James\ntuser.ini
[2010/05/23 11:16:40 | 000,001,048 | ---- | M] () -- G:\Documents and Settings\James\Desktop\John's Background Switcher.lnk
[2010/05/23 11:14:40 | 000,002,447 | ---- | M] () -- G:\Documents and Settings\James\Desktop\HiJackThis.lnk
[2010/05/23 11:14:03 | 000,002,422 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2010/05/21 18:17:19 | 003,693,488 | R--- | M] () -- G:\Documents and Settings\James\Desktop\ComboFix.exe
[2010/05/21 18:16:08 | 000,389,120 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\System32\CF26310.exe
[2010/05/21 18:12:40 | 000,069,232 | ---- | M] () -- G:\Documents and Settings\James\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/21 18:07:18 | 000,264,616 | ---- | M] () -- G:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/21 18:02:57 | 000,002,626 | ---- | M] () -- G:\WINDOWS\System32\CONFIG.NT
[2010/05/21 17:55:08 | 000,137,464 | ---- | M] () -- G:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/05/21 17:54:59 | 000,214,520 | ---- | M] () -- G:\WINDOWS\System32\PnkBstrB.xtr
[2010/05/21 17:51:26 | 000,000,650 | ---- | M] () -- G:\Documents and Settings\James\Desktop\RegScrubXP.lnk
[2010/05/20 00:18:12 | 000,024,416 | ---- | M] (Greatis Software) -- G:\WINDOWS\System32\drivers\regguard.sys
[2010/05/19 23:05:27 | 000,002,137 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/19 20:05:19 | 000,000,686 | ---- | M] () -- G:\WINDOWS\System32\drivers\etc\HOSTS
[2010/05/19 19:21:23 | 000,578,560 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\user32.dll
[2010/05/19 00:30:53 | 000,000,701 | ---- | M] () -- G:\WINDOWS\win.ini
[2010/05/19 00:30:53 | 000,000,227 | ---- | M] () -- G:\WINDOWS\system.ini
[2010/05/16 16:44:46 | 000,002,597 | ---- | M] () -- G:\Documents and Settings\James\Desktop\Moongamers Patch Switcher.lnk
[2010/05/14 17:03:40 | 000,000,128 | ---- | M] () -- G:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2010/05/14 16:43:40 | 000,018,944 | ---- | M] () -- G:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 16:21:24 | 000,001,469 | ---- | M] () -- G:\Documents and Settings\James\Desktop\DivX Movies.lnk
[2010/05/14 16:21:17 | 000,000,777 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/14 16:20:11 | 000,000,817 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/14 10:45:06 | 000,012,935 | ---- | M] () -- G:\Documents and Settings\James\Desktop\config_mp_bturbo_edit3_asd.cfg
[2010/05/14 09:52:46 | 000,000,645 | ---- | M] () -- G:\Documents and Settings\James\Desktop\RegCleaner.lnk
[2010/05/13 21:27:04 | 000,001,374 | ---- | M] () -- G:\WINDOWS\imsins.BAK
[2010/05/13 13:54:24 | 000,000,719 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/05/13 13:14:32 | 000,029,480 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\System32\msxml3a.dll
[2010/05/13 12:30:43 | 000,000,810 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Driving Test Success - All Tests.lnk
[2010/05/12 10:15:21 | 000,538,830 | ---- | M] () -- G:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/12 10:15:21 | 000,468,306 | ---- | M] () -- G:\WINDOWS\System32\perfh009.dat
[2010/05/12 10:15:21 | 000,080,006 | ---- | M] () -- G:\WINDOWS\System32\perfc009.dat
[2010/05/12 10:04:33 | 000,001,787 | ---- | M] () -- G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/11 11:56:00 | 000,068,880 | ---- | M] (Belus Technology Inc.) -- G:\WINDOWS\System32\XZip.dll
[2010/05/11 10:25:42 | 000,000,647 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Universal Anticheat 2.lnk
[2010/05/09 14:36:51 | 000,011,488 | ---- | M] () -- G:\Documents and Settings\James\Desktop\The accident occurred at the traffic lights at the Anchor Hill crossroads at 8pm on.docx
[2010/05/09 10:48:01 | 000,012,431 | ---- | M] () -- G:\Documents and Settings\James\Desktop\snail_edit.cfg
[2010/05/07 20:52:46 | 000,041,872 | ---- | M] () -- G:\WINDOWS\System32\xfcodec.dll
[2010/05/06 21:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\aswBoot.exe
[2010/05/06 21:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 21:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 21:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 21:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 21:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 21:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 21:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/06 21:12:13 | 000,042,968 | ---- | M] () -- G:\Documents and Settings\James\Desktop\XmasAtlas.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 12:39:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\deployJava1.dll
[2010/04/28 12:39:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javaws.exe
[2010/04/28 12:39:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javaw.exe
[2010/04/28 12:39:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\java.exe
[2010/04/28 12:39:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javacpl.cpl
[2010/04/28 11:45:10 | 000,011,284 | ---- | M] () -- G:\Documents and Settings\James\Desktop\config_mp_bturbo_edit4.cfg
[2010/04/28 09:40:09 | 000,010,551 | ---- | M] () -- G:\Documents and Settings\James\Desktop\solz_edit.cfg
[2010/04/27 11:22:56 | 000,010,185 | ---- | M] () -- G:\Documents and Settings\James\Desktop\config_mp_prinz_edit.cfg
[2010/04/26 23:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- G:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 21:15:55 | 000,009,986 | ---- | M] () -- G:\Documents and Settings\James\Desktop\trigger_edit.cfg
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- G:\WINDOWS\PEV.exe
[6 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
[3 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/23 18:21:46 | 000,293,376 | ---- | C] () -- G:\Documents and Settings\James\Desktop\l378nw29.exe
[2010/05/21 18:42:44 | 001,048,576 | ---- | C] () -- G:\Documents and Settings\James\Desktop\1603.BIN
[2010/05/21 18:41:52 | 001,048,576 | ---- | C] () -- G:\Documents and Settings\James\Desktop\0901.BIN
[2010/05/21 18:20:05 | 000,256,512 | ---- | C] () -- G:\WINDOWS\PEV.exe
[2010/05/21 18:20:05 | 000,080,412 | ---- | C] () -- G:\WINDOWS\grep.exe
[2010/05/21 18:20:05 | 000,077,312 | ---- | C] () -- G:\WINDOWS\MBR.exe
[2010/05/21 18:20:05 | 000,068,096 | ---- | C] () -- G:\WINDOWS\zip.exe
[2010/05/21 18:20:04 | 000,098,816 | ---- | C] () -- G:\WINDOWS\sed.exe
[2010/05/21 18:15:00 | 003,693,488 | R--- | C] () -- G:\Documents and Settings\James\Desktop\ComboFix.exe
[2010/05/21 17:51:26 | 000,000,650 | ---- | C] () -- G:\Documents and Settings\James\Desktop\RegScrubXP.lnk
[2010/05/19 15:48:30 | 000,002,447 | ---- | C] () -- G:\Documents and Settings\James\Desktop\HiJackThis.lnk
[2010/05/14 17:03:40 | 000,000,128 | ---- | C] () -- G:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2010/05/14 09:52:46 | 000,000,645 | ---- | C] () -- G:\Documents and Settings\James\Desktop\RegCleaner.lnk
[2010/05/13 13:54:24 | 000,000,719 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/05/13 12:30:43 | 000,000,810 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Driving Test Success - All Tests.lnk
[2010/05/12 10:04:33 | 000,001,787 | ---- | C] () -- G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/11 23:47:24 | 000,434,176 | RHS- | C] () -- G:\WINDOWS\System32\cffmon.exe
[2010/05/11 10:25:42 | 000,000,647 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Universal Anticheat 2.lnk
[2010/05/09 14:36:51 | 000,011,488 | ---- | C] () -- G:\Documents and Settings\James\Desktop\The accident occurred at the traffic lights at the Anchor Hill crossroads at 8pm on.docx
[2010/05/09 10:48:44 | 000,012,431 | ---- | C] () -- G:\Documents and Settings\James\Desktop\snail_edit.cfg
[2010/05/07 20:52:46 | 000,041,872 | ---- | C] () -- G:\WINDOWS\System32\xfcodec.dll
[2010/05/06 21:12:13 | 000,042,968 | ---- | C] () -- G:\Documents and Settings\James\Desktop\XmasAtlas.jpg
[2010/05/06 21:08:33 | 000,012,935 | ---- | C] () -- G:\Documents and Settings\James\Desktop\config_mp_bturbo_edit3_asd.cfg
[2010/05/03 12:38:47 | 000,002,137 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/28 11:45:10 | 000,011,284 | ---- | C] () -- G:\Documents and Settings\James\Desktop\config_mp_bturbo_edit4.cfg
[2010/04/27 11:22:56 | 000,010,185 | ---- | C] () -- G:\Documents and Settings\James\Desktop\config_mp_prinz_edit.cfg
[2010/04/25 17:49:42 | 000,009,986 | ---- | C] () -- G:\Documents and Settings\James\Desktop\trigger_edit.cfg
[2010/03/03 22:07:49 | 000,182,275 | ---- | C] () -- G:\WINDOWS\System32\d3d10core.dll
[2010/03/03 22:07:49 | 000,124,931 | ---- | C] () -- G:\WINDOWS\System32\dxgi.dll
[2010/03/03 22:07:47 | 000,376,832 | ---- | C] () -- G:\WINDOWS\System32\M2000Twn.dll
[2010/03/03 22:07:45 | 000,073,728 | ---- | C] () -- G:\WINDOWS\System32\CompressATI2.dll
[2010/01/20 22:16:24 | 000,721,904 | ---- | C] () -- G:\WINDOWS\System32\drivers\sptd.sys
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- G:\WINDOWS\System32\xlive.dll.cat
[2009/11/04 14:54:23 | 000,000,754 | ---- | C] () -- G:\WINDOWS\WORDPAD.INI
[2009/08/25 15:01:31 | 000,168,448 | ---- | C] () -- G:\WINDOWS\System32\unrar.dll
[2009/08/25 15:01:30 | 000,000,038 | ---- | C] () -- G:\WINDOWS\avisplitter.ini
[2009/08/25 15:01:29 | 000,881,664 | ---- | C] () -- G:\WINDOWS\System32\xvidcore.dll
[2009/08/25 15:01:29 | 000,205,824 | ---- | C] () -- G:\WINDOWS\System32\xvidvfw.dll
[2009/08/25 15:01:28 | 000,085,504 | ---- | C] () -- G:\WINDOWS\System32\ff_vfw.dll
[2009/08/25 15:01:28 | 000,000,547 | ---- | C] () -- G:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/17 19:54:53 | 000,000,025 | ---- | C] () -- G:\WINDOWS\cdplayer.ini
[2009/08/17 12:48:22 | 000,137,464 | ---- | C] () -- G:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/08/17 12:27:16 | 000,000,319 | ---- | C] () -- G:\WINDOWS\game.ini
[2009/08/17 12:06:42 | 000,000,262 | ---- | C] () -- G:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/17 11:40:38 | 000,045,056 | -H-- | C] () -- G:\WINDOWS\System32\CM108rm.dll
[2009/08/17 11:40:38 | 000,000,221 | ---- | C] () -- G:\WINDOWS\Cm108.ini.cfl
[2009/08/17 11:40:21 | 000,000,939 | -H-- | C] () -- G:\WINDOWS\Cm108.ini.cfg
[2009/08/17 11:40:19 | 000,001,218 | -H-- | C] () -- G:\WINDOWS\cm108.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- G:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/09 12:02:00 | 000,286,720 | ---- | C] () -- G:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- G:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- G:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- G:\WINDOWS\System32\gthrctr.ini
[2006/07/13 06:36:36 | 001,167,360 | ---- | C] () -- G:\WINDOWS\System32\acAuth.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- G:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/04/18 22:44:10 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/20 22:19:28 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/05/13 13:12:18 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Driving Test Success
[2009/09/16 17:35:45 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\id Software
[2010/05/14 09:52:36 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/15 14:20:16 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 11:08:50 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/17 12:37:48 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/01/21 13:02:28 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\DAEMON Tools
[2010/01/20 22:16:19 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\DAEMON Tools Pro
[2009/09/02 13:46:43 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\dBpoweramp
[2009/09/16 17:35:56 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\id Software
[2010/01/20 19:27:13 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\johnsadventures.com
[2009/08/23 20:06:34 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mumble
[2010/01/21 14:20:32 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Octoshape
[2010/01/02 23:23:07 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Razer
[2009/12/01 20:18:15 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\TeamViewer
[2010/04/06 19:16:51 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\TS3Client
[2010/04/18 13:20:51 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\uTorrent
[2010/05/12 10:04:51 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Windows Desktop Search
[2010/05/18 21:25:12 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/21 18:12:59 | 000,000,109 | ---- | M] () -- G:\mbam-error.txt
[2010/05/23 18:03:47 | 2145,386,496 | -HS- | M] () -- G:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 01:11:54 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\WINDOWS\system32\hnetcfg.dll
[2010/02/25 07:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\WINDOWS\system32\iepeers.dll
[2008/04/14 01:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- G:\WINDOWS\system32\msvbvm60.dll
[3 G:\WINDOWS\system32\*.tmp files -> G:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/08/16 19:02:52 | 000,094,208 | ---- | M] () -- G:\WINDOWS\system32\config\default.sav
[2009/08/16 19:02:52 | 000,602,112 | ---- | M] () -- G:\WINDOWS\system32\config\software.sav
[2009/08/16 19:02:52 | 000,475,136 | ---- | M] () -- G:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/06 21:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- G:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 21:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- G:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 21:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- G:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 21:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- G:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 21:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- G:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 21:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- G:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 21:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- G:\WINDOWS\system32\drivers\aswTdi.sys
[2010/03/31 02:58:04 | 000,009,072 | ---- | M] (Sonic Solutions) -- G:\WINDOWS\system32\drivers\cdr4_xp.sys
[2010/03/31 02:58:04 | 000,009,200 | ---- | M] (Sonic Solutions) -- G:\WINDOWS\system32\drivers\cdralw2k.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 14:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/04/03 22:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) -- G:\WINDOWS\system32\drivers\nv4_mini.sys
[2010/04/18 14:29:34 | 000,035,816 | ---- | M] (Greatis Software) -- G:\WINDOWS\system32\drivers\Partizan.sys
[2010/05/21 17:55:08 | 000,137,464 | ---- | M] () -- G:\WINDOWS\system32\drivers\PnkBstrK.sys
[2010/03/31 02:58:04 | 000,044,944 | ---- | M] (Sonic Solutions) -- G:\WINDOWS\system32\drivers\PxHelp20.sys
[2010/05/20 00:18:12 | 000,024,416 | ---- | M] (Greatis Software) -- G:\WINDOWS\system32\drivers\regguard.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 126 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
Extras.txt:
OTL Extras logfile created on: 23/05/2010 18:20:51 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = G:\Documents and Settings\James\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 148.96 Gb Total Space | 28.77 Gb Free Space | 19.31% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 32.87 Gb Free Space | 22.06% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465.75 Gb Total Space | 225.24 Gb Free Space | 48.36% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES-EYWW20JM1
Current User Name: James
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "G:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- G:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"G:\Program Files\Windows Live\Messenger\wlcsdk.exe" = G:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"G:\Program Files\Windows Live\Messenger\msnmsgr.exe" = G:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"G:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = G:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"G:\Program Files\Ventrilo\Ventrilo.exe" = G:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"G:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = G:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp -- File not found
"G:\Program Files\Java\jre6\bin\javaw.exe" = G:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"G:\Program Files\Windows Live\Messenger\wlcsdk.exe" = G:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"G:\Program Files\Java\jre6\bin\java.exe" = G:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Left 4 Dead\left4dead.exe" = D:\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- ()
"G:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = G:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"G:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = G:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"G:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = G:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"G:\Program Files\Sierra\FEAR\FEAR.exe" = G:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"G:\Program Files\Sierra\FEAR\FEARMP.exe" = G:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEARMP -- (Monolith Productions, Inc.)
"G:\WINDOWS\system32\PnkBstrA.exe" = G:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"G:\WINDOWS\system32\PnkBstrB.exe" = G:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"G:\Program Files\Mozilla Firefox\firefox.exe" = G:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- File not found
"G:\Program Files\Windows Live\Messenger\msnmsgr.exe" = G:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"G:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = G:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"G:\WINDOWS\system32\mmc.exe" = G:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"G:\Program Files\TeamViewer\Version5\TeamViewer.exe" = G:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"G:\Documents and Settings\James\Local Settings\Temp\Rar$EX00.625\WEPdecoder\WEPdecoder.exe" = G:\Documents and Settings\James\Local Settings\Temp\Rar$EX00.625\WEPdecoder\WEPdecoder.exe:*:Disabled:WEP key recovery -- File not found
"G:\Program Files\Steam\Steam.exe" = G:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"G:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = G:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"G:\Left 4 Dead\left4dead.exe" = G:\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- ()
"G:\Program Files\Steam\steamapps\jammy_b\counter-strike source\hl2.exe" = G:\Program Files\Steam\steamapps\jammy_b\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"G:\Program Files\Activision\Prototype\prototypef.exe" = G:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype™ -- (Activision)
"G:\Documents and Settings\James\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = G:\Documents and Settings\James\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"G:\Program Files\Skype\Plugin Manager\skypePM.exe" = G:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"G:\Program Files\Skype\Phone\Skype.exe" = G:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"G:\Program Files\Volition Inc\Red Faction Guerrilla\rfg.exe" = G:\Program Files\Volition Inc\Red Faction Guerrilla\rfg.exe:*:Enabled:Red Faction: Guerrilla -- (THQ Inc.)
"G:\Program Files\Steam\steamapps\common\lost planet extreme condition\LostPlanetDX9.exe" = G:\Program Files\Steam\steamapps\common\lost planet extreme condition\LostPlanetDX9.exe:*:Enabled:Lost Planet: Extreme Condition -- (CAPCOM CO., LTD.)
"G:\Program Files\Steam\steamapps\common\lost planet extreme condition\LostPlanetDX10.exe" = G:\Program Files\Steam\steamapps\common\lost planet extreme condition\LostPlanetDX10.exe:*:Enabled:Lost Planet: Extreme Condition -- (CAPCOM CO., LTD.)
"G:\Program Files\Warhammer 40000 Dawn of War II - Chaos Rising\DOW2.exe" = G:\Program Files\Warhammer 40000 Dawn of War II - Chaos Rising\DOW2.exe:*:Enabled:Dawn of War II -- (THQ Canada Inc.)
"G:\Program Files\Steam\steamapps\common\mini ninjas - demo\ninja.exe" = G:\Program Files\Steam\steamapps\common\mini ninjas - demo\ninja.exe:*:Enabled:Mini Ninjas - Demo -- (Io Interactive A/S)
"G:\Program Files\Bonjour\mDNSResponder.exe" = G:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"G:\Program Files\iTunes\iTunes.exe" = G:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"G:\Program Files\uTorrent\uTorrent.exe" = G:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"G:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = G:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"G:\WINDOWS\system32\bpbdmrg.exe" = G:\WINDOWS\system32\bpbdmrg.exe:*:Enabled:WinServer -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B9E0BD1-328D-415C-80A5-6B0028F0C104}" = Call of Duty® 2 Patch 1.2
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99BEB67F-B288-44F5-8B2A-23F5F522A1AE}_is1" = Universal Anticheat 2 v2.34 b308
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9FDCD01E-9926-4399-8BB9-74EEBE604C11}" = Quake Live Mozilla Plugin
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1" = John's Background Switcher 4.2
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE510252-96FC-49C1-AE63-36E1C49314CD}" = Moongamer's CoD2 Patch Switcher
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F7F393-A8E8-42CC-8C2E-7A999B48B2AE}_is1" = DirectX10 LV (Last Version)
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"024h Lucky Reminder_is1" = 024h Lucky Reminder v1.83
"13860389BCE916343D6A5C65169C6F0C6BF6E3EA" = Windows Driver Package - Cypress (CyUsb) USB
"7BDD6421B73797179E9A97E5C7DE019FBC77147F" = Windows Driver Package - Razer (HidUsb) HIDClass (04/04/2009 1.0.5.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2009-2010)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"Generic USB 108 Sound" = SteelSeries USB Sound Card
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mirrors Edge_is1" = Mirrors Edge
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mumble" = Mumble and Murmur
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PunkBusterSvc" = PunkBuster Services
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealPlayer 6.0" = RealPlayer
"RegScrubXP_is1" = RegScrubXP 3.25
"Seismovision 3" = Seismovision 3 (remove only)
"SpeedFan" = SpeedFan (remove only)
"Steam App 240" = Counter-Strike: Source
"Steam App 33310" = R.U.S.E. Beta
"Steam App 35050" = Mini Ninjas - Demo
"Steam App 6510" = Lost Planet: Extreme Condition
"TeamViewer 5" = TeamViewer 5
"UnHackMe_is1" = UnHackMe 5.80 release
"uTorrent" = µTorrent
"VentriloMIX" = VentriloMIX
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"X-ray Anti-Cheat" = X-ray Anti-Cheat

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 05/11/2009 12:22:00 | Computer Name = JAMES-EYWW20JM1 | Source = avast! | ID = 33554522
Description =

Error - 05/11/2009 12:22:00 | Computer Name = JAMES-EYWW20JM1 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 19/05/2010 08:52:48 | Computer Name = JAMES-EYWW20JM1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19/05/2010 08:52:48 | Computer Name = JAMES-EYWW20JM1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 19/05/2010 08:52:48 | Computer Name = JAMES-EYWW20JM1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 19/05/2010 19:07:35 | Computer Name = JAMES-EYWW20JM1 | Source = Windows Search Service | ID = 3013
Description = The entry <G:\DOCUMENTS AND SETTINGS\JAMES\MY DOCUMENTS\REGRUN2\MYDATABASE.RDB>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 19/05/2010 19:07:35 | Computer Name = JAMES-EYWW20JM1 | Source = Windows Search Service | ID = 3013
Description = The entry <G:\DOCUMENTS AND SETTINGS\JAMES\MY DOCUMENTS\REGRUN2\MYDATABASE.RDB>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 19/05/2010 19:07:38 | Computer Name = JAMES-EYWW20JM1 | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 19/05/2010 19:07:38 | Computer Name = JAMES-EYWW20JM1 | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 19/05/2010 19:07:38 | Computer Name = JAMES-EYWW20JM1 | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 19/05/2010 19:07:38 | Computer Name = JAMES-EYWW20JM1 | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 19/05/2010 19:07:38 | Computer Name = JAMES-EYWW20JM1 | Source = Bonjour Service | ID = 100
Description = 424: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 21/05/2010 13:40:11 | Computer Name = JAMES-EYWW20JM1 | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 89cce950, parameter3
89cceac4, parameter4 805d2954.

Error - 21/05/2010 13:40:12 | Computer Name = JAMES-EYWW20JM1 | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 89eefda0, parameter3
89eeff14, parameter4 805d2954.

Error - 21/05/2010 13:40:13 | Computer Name = JAMES-EYWW20JM1 | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 89e5e610, parameter3
89e5e784, parameter4 805d2954.

Error - 21/05/2010 13:40:13 | Computer Name = JAMES-EYWW20JM1 | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 89d31548, parameter3
89d316bc, parameter4 805d2954.

Error - 21/05/2010 13:40:14 | Computer Name = JAMES-EYWW20JM1 | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 89d3c610, parameter3
89d3c784, parameter4 805d2954.

Error - 21/05/2010 13:40:15 | Computer Name = JAMES-EYWW20JM1 | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 89f4a400, parameter3
89f4a574, parameter4 805d2954.

Error - 21/05/2010 13:40:15 | Computer Name = JAMES-EYWW20JM1 | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 8a314b78, parameter3
8a314cec, parameter4 805d2954.

Error - 23/05/2010 06:19:26 | Computer Name = JAMES-EYWW20JM1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 23/05/2010 13:21:07 | Computer Name = JAMES-EYWW20JM1 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 23/05/2010 13:21:07 | Computer Name = JAMES-EYWW20JM1 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

GMER report to follow

#4 jammy_b

jammy_b
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 23 May 2010 - 02:44 PM

I wasnt able to copy the GMER log into the post because it kept crashing my firefox, and the total size of the .txt file was 913 kb, so i was unable to upload it as an attachment. You should be able to get it from http://www.mediafire.com/file/y2r0xmjyqyt/ark.txt.
Please let me know if this is acceptable.

Edited by jammy_b, 23 May 2010 - 02:44 PM.


#5 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:55 PM

Posted 23 May 2010 - 03:46 PM

That is fine.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    O4 - HKLM..\Run: [WindowsDefender] G:\WINDOWS\system32\bpbdmrg.exe ()
    O4 - HKCU..\Run: [Com32] G:\WINDOWS\system32\bpbdmrg.exe ()
    F3 - HKCU WinNT: Load - (G:\WINDOWS\system32\bpbdmrg.exe) - G:\WINDOWS\system32\bpbdmrg.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O20 - HKLM Winlogon: UserInit - (G:\WINDOWS\system32\bpbdmrg.exe) - G:\WINDOWS\system32\bpbdmrg.exe ()

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    G:\WINDOWS\system32\bpbdmrg.exe"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "load"=""


    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
================================Virus scan=================================
Please click here to download VRT by Kaspersky.
  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect,delete if disinfection fails.
  5. Then click on Start Scan.
  6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  7. When the scan is done no log will be produced.
  8. Click on the bottom where it says Report to open the report.
  9. Then highlight of of the items found by using ctrl + a on your keyboard to select all or use your mouse to select all then right click and choose copy.
  10. This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  11. You can save this on the desktop.
  12. Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#6 jammy_b

jammy_b
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 24 May 2010 - 10:59 AM

Attempting the OTL fix resulted in the same BSOD as before.

Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4138

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/05/2010 16:08:41
mbam-log-2010-05-24 (16-08-41).txt

Scan type: Full scan (G:\|)
Objects scanned: 213138
Time elapsed: 36 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
G:\Documents and Settings\James\My Documents\Downloads\07_The_Risky_presents_Future_sounds_and_ Inside_Info_Freak_energy.rar.exe\07_The_Risky_presents_Future_sounds_and_ Inside_Info_Freak_energy.rar.exe (Adware.TMAagent) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\cffmon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

note: i watched the scan as it scanned system32, and it completely bypassed bpbdmrg.exe

VRT scan to follow

#7 jammy_b

jammy_b
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 24 May 2010 - 11:10 AM

VRT Scan Report following reboot:
Autoscan: stopped 8 minutes ago (events: 3, objects: 9, time: 00:00:18)
24/05/2010 16:58:52 Task started
24/05/2010 16:58:56 Detected: Worm.Win32.AutoRun.bgxg G:\WINDOWS\System32\bpbdmrg.exe
24/05/2010 16:59:12 Task stopped
Disinfect active threats: completed 3 minutes ago (events: 7, objects: 3721, time: 00:04:35)
24/05/2010 16:59:10 Task started
24/05/2010 16:59:10 Detected: Worm.Win32.AutoRun.bgxg G:\WINDOWS\System32\bpbdmrg.exe
24/05/2010 16:59:48 Will be deleted on system restart: Worm.Win32.AutoRun.bgxg G:\WINDOWS\System32\bpbdmrg.exe
24/05/2010 17:00:15 Detected: Worm.Win32.AutoRun.bgxg G:\WINDOWS\System32\bpbdmrg.exe
24/05/2010 17:00:24 Detected: Worm.Win32.AutoRun.bgxg G:\WINDOWS\System32\bpbdmrg.exe
24/05/2010 17:00:41 Will be deleted on system restart: Worm.Win32.AutoRun.bgxg G:\WINDOWS\System32\bpbdmrg.exe
24/05/2010 17:03:45 Task completed

looks like this one got it, however is there anything i can do to check it hasnt reinstalled itself anywhere else?

If not thanks a million, i've been trying to get rid of this for weeks with but to no avail.

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:55 PM

Posted 24 May 2010 - 12:57 PM

Yes please run OTL once more with the following instructions.
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 jammy_b

jammy_b
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:55 AM

Posted 25 May 2010 - 04:35 AM

OTL log:
OTL logfile created on: 25/05/2010 10:26:58 - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = G:\Documents and Settings\James\Desktop\Virus ting
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 148.96 Gb Total Space | 28.77 Gb Free Space | 19.31% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 32.87 Gb Free Space | 22.06% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465.75 Gb Total Space | 223.77 Gb Free Space | 48.05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES-EYWW20JM1
Current User Name: James
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - G:\Documents and Settings\James\Desktop\Virus ting\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
PRC - G:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - G:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - G:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - G:\Program Files\Razer\DeathAdder\razerhid.exe ()
PRC - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - G:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - G:\Program Files\Razer\DeathAdder\razerofa.exe (Razer Inc.)
PRC - G:\Program Files\Razer\DeathAdder\razertra.exe ()


========== Modules (SafeList) ==========

MOD - G:\Documents and Settings\James\Desktop\Virus ting\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Xfire\xfire_toucan_42628.dll (Xfire Inc.)
MOD - G:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - G:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - G:\WINDOWS\system32\MSVCR71.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (Apple Mobile Device) -- G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (wlidsvc) -- G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (PnkBstrK) -- G:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (RegGuard) -- G:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (aswTdi) -- G:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- G:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- G:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- G:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- G:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- G:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (Partizan) -- G:\WINDOWS\system32\drivers\Partizan.sys (Greatis Software)
DRV - (nv) -- G:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sptd) -- G:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- G:\Program Files\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (USBPNPA) -- G:\WINDOWS\system32\drivers\CM108.sys (C-Media Electronics Inc)
DRV - (nvnetbus) -- G:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- G:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (USB_RNDIS) -- G:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- G:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- G:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (SiFilter) -- G:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc)
DRV - (SiRemFil) -- G:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc)
DRV - (SI3132) -- G:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc)
DRV - (DAdderFltr) -- G:\WINDOWS\system32\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (rt2870) -- G:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (speedfan) -- G:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (CyUsb) -- G:\WINDOWS\system32\drivers\CYUSB.sys (Cypress Semiconductor)
DRV - (giveio) -- G:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = G:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = G:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - G:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/|http://www.youtube.com/|http://mail.live.com/default.aspx?wa=wsignin1.0|http://clanbase.ggl.com/news.php|http://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: mgDownloadHelper@yevgenyandrov.net:1.0.2
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/08/17 19:54:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: g:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/05 11:17:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: G:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/28 12:39:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2010/05/01 18:38:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2010/04/28 12:40:00 | 000,000,000 | ---D | M]

[2009/08/16 18:48:36 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2009/08/16 18:48:36 | 000,000,000 | ---D | M] (No name found) -- G:\Documents and Settings\James\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/05/24 16:36:49 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions
[2009/12/26 18:41:36 | 000,000,000 | ---D | M] (ChatZilla) -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/04/18 12:03:26 | 000,000,000 | ---D | M] (DownloadHelper) -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/14 16:38:55 | 000,000,000 | ---D | M] (Flash and Video Download) -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010/05/03 17:15:56 | 000,000,000 | ---D | M] (Adblock Plus) -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/24 14:10:46 | 000,000,000 | ---D | M] (FoxTab) -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/12/31 13:44:01 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\bejeweledblitz3cheat@thecybershadow(2).net
[2010/01/14 13:18:17 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\bejeweledblitz3cheat@thecybershadow.net
[2009/08/18 17:05:51 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\ChoiceGuard@Microsoft
[2009/12/30 14:45:45 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\lazarus@interclue.com
[2010/05/14 16:38:55 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\mgDownloadHelper@yevgenyandrov.net
[2010/03/21 12:59:17 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\SkipScreen@SkipScreen
[2010/04/18 12:03:26 | 000,000,000 | ---D | M] -- G:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\yf1dd4h0.default\extensions\tabscope@xuldev.org
[2010/05/25 10:24:25 | 000,000,000 | ---D | M] -- G:\Program Files\Mozilla Firefox\extensions
[2010/04/04 16:42:47 | 000,000,000 | ---D | M] (Default) -- G:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/27 19:04:02 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- G:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/08/17 21:30:36 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/18 13:22:53 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/04/28 12:40:02 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/04 16:42:41 | 000,023,000 | ---- | M] (Mozilla Foundation) -- G:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/04 16:42:41 | 000,138,712 | ---- | M] (Mozilla Foundation) -- G:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/04/28 12:39:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/05/18 23:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- G:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/04/04 16:42:42 | 000,064,984 | ---- | M] (mozilla.org) -- G:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/04/04 00:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- G:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/08/17 19:54:29 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- G:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/04/15 14:17:28 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/04/15 14:17:28 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/04/15 14:17:29 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/04/15 14:17:29 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/04/15 14:17:29 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/04/15 14:17:29 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/04/15 14:17:29 | 000,159,744 | ---- | M] (Apple Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/08/17 19:54:33 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- G:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/08/17 19:54:27 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- G:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/03/26 10:44:32 | 000,001,538 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/26 10:44:32 | 000,002,193 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/03/26 10:44:32 | 000,000,947 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/26 10:44:32 | 000,001,534 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/26 10:44:32 | 000,000,769 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/26 10:44:33 | 000,002,371 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/26 10:44:33 | 000,001,178 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/26 10:44:33 | 000,001,135 | ---- | M] () -- G:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/19 20:05:19 | 000,000,686 | ---- | M]) - G:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - G:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - G:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] G:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] G:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BDRegion] G:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Cm108Sound] File not found
O4 - HKLM..\Run: [DeathAdder] G:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] G:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] G:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] G:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] G:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] G:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] G:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [024h Lucky Reminder] G:\Program Files\024h Lucky Reminder\LuckyReminder.exe ()
O4 - HKCU..\Run: [BackgroundSwitcher] G:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKCU..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] G:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = G:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: G:\Documents and Settings\James\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - G:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - G:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - G:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - G:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1250627791593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://G:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://G:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - G:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - G:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - G:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - G:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - G:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - G:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - G:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - G:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - G:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - G:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - G:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - G:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - G:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - G:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - G:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - G:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (G:\WINDOWS\system32\userinit.exe) - G:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - G:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - G:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - G:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - G:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - G:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - G:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - G:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - G:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - G:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - G:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - G:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - G:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - G:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - G:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - G:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: G:\Documents and Settings\James\My Documents\My Pictures\i love viki.bmp
O24 - Desktop BackupWallPaper: G:\Documents and Settings\James\My Documents\My Pictures\i love viki.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - G:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - G:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - G:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - G:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - G:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - G:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - G:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - G:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - G:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - G:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - G:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - G:\WINDOWS\System32\Partizan.exe (Greatis Software)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/24 17:15:42 | 000,000,000 | ---D | C] -- G:\Documents and Settings\James\Desktop\Virus ting
[2010/05/24 15:09:16 | 000,000,000 | ---D | C] -- G:\_OTL
[2010/05/23 11:21:26 | 000,000,000 | ---D | C] -- G:\Documents and Settings\James\Desktop\N
[2010/05/21 18:20:05 | 000,161,792 | ---- | C] (SteelWerX) -- G:\WINDOWS\SWREG.exe
[2010/05/21 18:20:05 | 000,031,232 | ---- | C] (NirSoft) -- G:\WINDOWS\NIRCMD.exe
[2010/05/21 18:20:04 | 000,212,480 | ---- | C] (SteelWerX) -- G:\WINDOWS\SWXCACLS.exe
[2010/05/21 18:20:04 | 000,136,704 | ---- | C] (SteelWerX) -- G:\WINDOWS\SWSC.exe
[2010/05/21 18:16:12 | 000,000,000 | ---D | C] -- G:\WINDOWS\ERDNT
[2010/05/21 18:16:11 | 000,389,120 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\CF26310.exe
[2010/05/21 18:16:10 | 000,000,000 | ---D | C] -- G:\Qoobox
[2010/05/21 17:51:26 | 000,000,000 | ---D | C] -- G:\Program Files\RegScrubXP
[2010/05/19 19:21:23 | 000,578,560 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\user32.dll
[2010/05/19 19:19:38 | 000,000,000 | ---D | C] -- G:\WINDOWS\ERUNT
[2010/05/19 19:11:53 | 000,000,000 | ---D | C] -- G:\SDFix
[2010/05/19 15:48:30 | 000,000,000 | ---D | C] -- G:\Program Files\Trend Micro
[2010/05/19 11:00:53 | 000,000,000 | -HSD | C] -- G:\Documents and Settings\James\PrivacIE
[2010/05/18 21:25:12 | 000,000,000 | ---D | C] -- G:\Documents and Settings\James\Application Data\Windows Search
[2010/05/14 16:21:09 | 002,083,312 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\pxsfs.dll
[2010/05/14 16:21:09 | 000,678,384 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\px.dll
[2010/05/14 16:21:09 | 000,559,600 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\pxdrv.dll
[2010/05/14 16:21:09 | 000,440,816 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\pxwave.dll
[2010/05/14 16:21:09 | 000,219,632 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\pxmas.dll
[2010/05/14 16:21:09 | 000,133,616 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\pxafs.dll
[2010/05/14 16:21:09 | 000,100,848 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\vxblock.dll
[2010/05/14 16:21:09 | 000,009,200 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/05/14 16:21:09 | 000,009,072 | ---- | C] (Sonic Solutions) -- G:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/05/14 09:52:45 | 000,000,000 | ---D | C] -- G:\Program Files\RegCleaner
[2010/05/13 13:55:07 | 000,000,000 | ---D | C] -- G:\Documents and Settings\James\Application Data\vlc
[2010/05/13 13:54:03 | 000,000,000 | ---D | C] -- G:\Program Files\VideoLAN
[2010/05/13 13:17:00 | 000,000,000 | ---D | C] -- G:\Documents and Settings\James\Local Settings\Application Data\Cyberlink
[2010/05/13 12:27:53 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Driving Test Success
[2010/05/13 12:27:53 | 000,000,000 | ---D | C] -- G:\Program Files\Driving Test Success - All Tests (2009-2010)
[2010/05/12 10:31:33 | 000,000,000 | -HSD | C] -- G:\Documents and Settings\James\IETldCache
[2010/05/12 10:17:09 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/05/12 10:16:54 | 000,000,000 | ---D | C] -- G:\Program Files\NVIDIA Corporation
[2010/05/12 10:11:01 | 000,000,000 | ---D | C] -- G:\WINDOWS\ie8updates
[2010/05/12 10:08:54 | 000,000,000 | -H-D | C] -- G:\WINDOWS\ie8
[2010/05/12 10:06:51 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft Silverlight
[2010/05/12 10:06:06 | 000,000,000 | ---D | C] -- G:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/05/12 10:04:55 | 000,000,000 | ---D | C] -- G:\Documents and Settings\James\Local Settings\Application Data\Identities
[2010/05/12 10:04:51 | 000,000,000 | ---D | C] -- G:\Documents and Settings\James\Application Data\Windows Desktop Search
[2010/05/12 10:04:28 | 000,000,000 | ---D | C] -- G:\Program Files\Windows Desktop Search
[2010/05/12 10:04:28 | 000,000,000 | ---D | C] -- G:\WINDOWS\System32\GroupPolicy
[2010/05/12 10:04:13 | 000,192,000 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\offfilt.dll
[2010/05/12 10:04:13 | 000,098,304 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\nlhtml.dll
[2010/05/12 10:04:13 | 000,029,696 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\mimefilt.dll
[2010/05/12 10:03:44 | 000,000,000 | ---D | C] -- G:\WINDOWS\ie7updates
[2010/05/12 10:03:37 | 011,070,976 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\ieframe.dll
[2010/05/12 10:03:37 | 003,698,584 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/05/12 10:03:37 | 001,985,536 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\iertutil.dll
[2010/05/12 10:03:37 | 001,241,088 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/05/12 10:03:37 | 000,594,432 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/05/12 10:03:37 | 000,445,952 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/05/12 10:03:37 | 000,059,904 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\icardie.dll
[2010/05/12 10:03:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/05/12 10:03:37 | 000,013,824 | ---- | C] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/05/12 10:03:29 | 000,000,000 | ---D | C] -- G:\WINDOWS\WBEM
[2010/05/12 10:02:17 | 000,000,000 | -H-D | C] -- G:\WINDOWS\ie7
[2010/05/12 10:02:10 | 000,000,000 | -H-D | C] -- G:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/05/12 10:01:58 | 000,000,000 | -H-D | C] -- G:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/05/11 11:56:00 | 000,068,880 | ---- | C] (Belus Technology Inc.) -- G:\WINDOWS\System32\XZip.dll
[2010/05/11 10:25:39 | 000,000,000 | ---D | C] -- G:\Program Files\DExUS
[2010/05/03 12:38:15 | 000,000,000 | ---D | C] -- G:\Program Files\iPod
[2010/05/03 12:35:37 | 000,000,000 | ---D | C] -- G:\Program Files\Bonjour
[2010/04/28 12:41:47 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Java
[2010/04/28 12:40:00 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\deployJava1.dll
[2010/04/28 12:40:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javaws.exe
[2010/04/28 12:40:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javaw.exe
[2010/04/28 12:40:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\java.exe
[2010/04/28 12:40:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javacpl.cpl
[2010/04/26 23:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- G:\WINDOWS\System32\DivXControlPanelApplet.cpl
[6 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
[3 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/25 10:23:26 | 000,276,202 | ---- | M] () -- G:\WINDOWS\System32\NvApps.xml
[2010/05/25 10:16:27 | 000,000,006 | -H-- | M] () -- G:\WINDOWS\tasks\SA.DAT
[2010/05/25 10:16:22 | 000,002,048 | --S- | M] () -- G:\WINDOWS\bootstat.dat
[2010/05/25 00:57:21 | 012,058,624 | ---- | M] () -- G:\Documents and Settings\James\ntuser.dat
[2010/05/25 00:57:21 | 000,000,178 | -HS- | M] () -- G:\Documents and Settings\James\ntuser.ini
[2010/05/25 00:33:46 | 000,137,464 | ---- | M] () -- G:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/05/25 00:33:37 | 000,214,520 | ---- | M] () -- G:\WINDOWS\System32\PnkBstrB.xtr
[2010/05/24 22:20:09 | 000,000,647 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Universal Anticheat 2.lnk
[2010/05/24 22:19:49 | 000,013,017 | ---- | M] () -- G:\Documents and Settings\James\Desktop\config_mp_bturbo_edit3_asd.cfg
[2010/05/24 16:25:05 | 000,002,422 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2010/05/23 20:13:03 | 000,018,944 | ---- | M] () -- G:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 11:16:40 | 000,001,048 | ---- | M] () -- G:\Documents and Settings\James\Desktop\John's Background Switcher.lnk
[2010/05/21 18:16:08 | 000,389,120 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\System32\CF26310.exe
[2010/05/21 18:12:40 | 000,069,232 | ---- | M] () -- G:\Documents and Settings\James\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/21 18:07:18 | 000,264,616 | ---- | M] () -- G:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/21 18:02:57 | 000,002,626 | ---- | M] () -- G:\WINDOWS\System32\CONFIG.NT
[2010/05/21 17:51:26 | 000,000,650 | ---- | M] () -- G:\Documents and Settings\James\Desktop\RegScrubXP.lnk
[2010/05/20 00:18:12 | 000,024,416 | ---- | M] (Greatis Software) -- G:\WINDOWS\System32\drivers\regguard.sys
[2010/05/19 23:05:27 | 000,002,137 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/19 20:05:19 | 000,000,686 | ---- | M] () -- G:\WINDOWS\System32\drivers\etc\HOSTS
[2010/05/19 19:21:23 | 000,578,560 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\System32\dllcache\user32.dll
[2010/05/19 00:30:53 | 000,000,701 | ---- | M] () -- G:\WINDOWS\win.ini
[2010/05/19 00:30:53 | 000,000,227 | ---- | M] () -- G:\WINDOWS\system.ini
[2010/05/16 16:44:46 | 000,002,597 | ---- | M] () -- G:\Documents and Settings\James\Desktop\Moongamers Patch Switcher.lnk
[2010/05/14 17:03:40 | 000,000,128 | ---- | M] () -- G:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2010/05/14 16:21:24 | 000,001,469 | ---- | M] () -- G:\Documents and Settings\James\Desktop\DivX Movies.lnk
[2010/05/14 16:21:17 | 000,000,777 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/14 16:20:11 | 000,000,817 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/13 21:27:04 | 000,001,374 | ---- | M] () -- G:\WINDOWS\imsins.BAK
[2010/05/13 13:54:24 | 000,000,719 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/05/13 13:14:32 | 000,029,480 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\System32\msxml3a.dll
[2010/05/13 12:30:43 | 000,000,810 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Driving Test Success - All Tests.lnk
[2010/05/12 10:15:21 | 000,538,830 | ---- | M] () -- G:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/12 10:15:21 | 000,468,306 | ---- | M] () -- G:\WINDOWS\System32\perfh009.dat
[2010/05/12 10:15:21 | 000,080,006 | ---- | M] () -- G:\WINDOWS\System32\perfc009.dat
[2010/05/12 10:04:33 | 000,001,787 | ---- | M] () -- G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/11 11:56:00 | 000,068,880 | ---- | M] (Belus Technology Inc.) -- G:\WINDOWS\System32\XZip.dll
[2010/05/09 14:36:51 | 000,011,488 | ---- | M] () -- G:\Documents and Settings\James\Desktop\The accident occurred at the traffic lights at the Anchor Hill crossroads at 8pm on.docx
[2010/05/09 10:48:01 | 000,012,431 | ---- | M] () -- G:\Documents and Settings\James\Desktop\snail_edit.cfg
[2010/05/07 20:52:46 | 000,041,872 | ---- | M] () -- G:\WINDOWS\System32\xfcodec.dll
[2010/05/06 21:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\aswBoot.exe
[2010/05/06 21:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 21:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 21:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 21:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 21:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 21:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 21:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- G:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/06 21:12:13 | 000,042,968 | ---- | M] () -- G:\Documents and Settings\James\Desktop\XmasAtlas.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 12:39:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\deployJava1.dll
[2010/04/28 12:39:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javaws.exe
[2010/04/28 12:39:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javaw.exe
[2010/04/28 12:39:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\java.exe
[2010/04/28 12:39:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- G:\WINDOWS\System32\javacpl.cpl
[2010/04/28 11:45:10 | 000,011,284 | ---- | M] () -- G:\Documents and Settings\James\Desktop\config_mp_bturbo_edit4.cfg
[2010/04/28 09:40:09 | 000,010,551 | ---- | M] () -- G:\Documents and Settings\James\Desktop\solz_edit.cfg
[2010/04/27 11:22:56 | 000,010,185 | ---- | M] () -- G:\Documents and Settings\James\Desktop\config_mp_prinz_edit.cfg
[2010/04/26 23:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- G:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 21:15:55 | 000,009,986 | ---- | M] () -- G:\Documents and Settings\James\Desktop\trigger_edit.cfg
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- G:\WINDOWS\PEV.exe
[6 G:\WINDOWS\*.tmp files -> G:\WINDOWS\*.tmp -> ]
[3 G:\WINDOWS\System32\*.tmp files -> G:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/24 16:23:07 | 000,434,176 | RHS- | C] () -- G:\WINDOWS\System32\cffmon.exe
[2010/05/21 18:42:44 | 001,048,576 | ---- | C] () -- G:\Documents and Settings\James\Desktop\1603.BIN
[2010/05/21 18:41:52 | 001,048,576 | ---- | C] () -- G:\Documents and Settings\James\Desktop\0901.BIN
[2010/05/21 18:20:05 | 000,256,512 | ---- | C] () -- G:\WINDOWS\PEV.exe
[2010/05/21 18:20:05 | 000,080,412 | ---- | C] () -- G:\WINDOWS\grep.exe
[2010/05/21 18:20:05 | 000,077,312 | ---- | C] () -- G:\WINDOWS\MBR.exe
[2010/05/21 18:20:05 | 000,068,096 | ---- | C] () -- G:\WINDOWS\zip.exe
[2010/05/21 18:20:04 | 000,098,816 | ---- | C] () -- G:\WINDOWS\sed.exe
[2010/05/21 17:51:26 | 000,000,650 | ---- | C] () -- G:\Documents and Settings\James\Desktop\RegScrubXP.lnk
[2010/05/14 17:03:40 | 000,000,128 | ---- | C] () -- G:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2010/05/13 13:54:24 | 000,000,719 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/05/13 12:30:43 | 000,000,810 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Driving Test Success - All Tests.lnk
[2010/05/12 10:04:33 | 000,001,787 | ---- | C] () -- G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/11 10:25:42 | 000,000,647 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Universal Anticheat 2.lnk
[2010/05/09 14:36:51 | 000,011,488 | ---- | C] () -- G:\Documents and Settings\James\Desktop\The accident occurred at the traffic lights at the Anchor Hill crossroads at 8pm on.docx
[2010/05/09 10:48:44 | 000,012,431 | ---- | C] () -- G:\Documents and Settings\James\Desktop\snail_edit.cfg
[2010/05/07 20:52:46 | 000,041,872 | ---- | C] () -- G:\WINDOWS\System32\xfcodec.dll
[2010/05/06 21:12:13 | 000,042,968 | ---- | C] () -- G:\Documents and Settings\James\Desktop\XmasAtlas.jpg
[2010/05/06 21:08:33 | 000,013,017 | ---- | C] () -- G:\Documents and Settings\James\Desktop\config_mp_bturbo_edit3_asd.cfg
[2010/05/03 12:38:47 | 000,002,137 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/28 11:45:10 | 000,011,284 | ---- | C] () -- G:\Documents and Settings\James\Desktop\config_mp_bturbo_edit4.cfg
[2010/04/27 11:22:56 | 000,010,185 | ---- | C] () -- G:\Documents and Settings\James\Desktop\config_mp_prinz_edit.cfg
[2010/04/25 17:49:42 | 000,009,986 | ---- | C] () -- G:\Documents and Settings\James\Desktop\trigger_edit.cfg
[2010/03/03 22:07:49 | 000,182,275 | ---- | C] () -- G:\WINDOWS\System32\d3d10core.dll
[2010/03/03 22:07:49 | 000,124,931 | ---- | C] () -- G:\WINDOWS\System32\dxgi.dll
[2010/03/03 22:07:47 | 000,376,832 | ---- | C] () -- G:\WINDOWS\System32\M2000Twn.dll
[2010/03/03 22:07:45 | 000,073,728 | ---- | C] () -- G:\WINDOWS\System32\CompressATI2.dll
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- G:\WINDOWS\System32\xlive.dll.cat
[2009/11/04 14:54:23 | 000,000,754 | ---- | C] () -- G:\WINDOWS\WORDPAD.INI
[2009/08/25 15:01:31 | 000,168,448 | ---- | C] () -- G:\WINDOWS\System32\unrar.dll
[2009/08/25 15:01:30 | 000,000,038 | ---- | C] () -- G:\WINDOWS\avisplitter.ini
[2009/08/25 15:01:29 | 000,881,664 | ---- | C] () -- G:\WINDOWS\System32\xvidcore.dll
[2009/08/25 15:01:29 | 000,205,824 | ---- | C] () -- G:\WINDOWS\System32\xvidvfw.dll
[2009/08/25 15:01:28 | 000,085,504 | ---- | C] () -- G:\WINDOWS\System32\ff_vfw.dll
[2009/08/25 15:01:28 | 000,000,547 | ---- | C] () -- G:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/17 19:54:53 | 000,000,025 | ---- | C] () -- G:\WINDOWS\cdplayer.ini
[2009/08/17 12:48:22 | 000,137,464 | ---- | C] () -- G:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/08/17 12:27:16 | 000,000,319 | ---- | C] () -- G:\WINDOWS\game.ini
[2009/08/17 12:06:42 | 000,000,262 | ---- | C] () -- G:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/17 11:40:38 | 000,045,056 | -H-- | C] () -- G:\WINDOWS\System32\CM108rm.dll
[2009/08/17 11:40:38 | 000,000,221 | ---- | C] () -- G:\WINDOWS\Cm108.ini.cfl
[2009/08/17 11:40:21 | 000,000,939 | -H-- | C] () -- G:\WINDOWS\Cm108.ini.cfg
[2009/08/17 11:40:19 | 000,001,218 | -H-- | C] () -- G:\WINDOWS\cm108.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- G:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- G:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/09 12:02:00 | 000,286,720 | ---- | C] () -- G:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- G:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- G:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- G:\WINDOWS\System32\gthrctr.ini
[2006/07/13 06:36:36 | 001,167,360 | ---- | C] () -- G:\WINDOWS\System32\acAuth.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- G:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 126 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:08:55 PM

Posted 25 May 2010 - 06:23 AM

It is gone now.

=======Cleanup=======
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.

If Combofix is not present then move to the next step.
======Next======
  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that your all set.


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc...
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users