
HijackThis Log: Please help Diagnose


  • This topic is locked
18 replies to this topic

#1 Papa Steve

Papa Steve

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:42 PM

Posted 26 May 2010 - 12:47 PM

Search results get redirected. New IE windows suddenly appear with strange websites. Windows Update cannot connect. Here's the logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:44:14 PM, on 5/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Novosoft\Handy Backup\hbagent.exe
C:\Program Files\Adobe\Acrobat 6.0a\Distillr\acrotray.exe
C:\Program Files\Airlink101\AWLL3028\RtWLan.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SYSTEM32\dvmurl.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLHooker2 Class - {93935F7F-9C88-42F8-8445-95251D27FABC} - C:\PROGRA~1\FLASHV~1\URLHOO~1.DLL (file missing)
O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\WINDOWS\TEMP\E_S7C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Handy Backup] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0a\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Airlink101 USB Wireless Configuration Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...20Installer.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_related/st...geUploader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1262902684484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1262902675453
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: hblogon - hblogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Unknown owner - C:\Program Files\Application Updater\ApplicationUpdater.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14357 bytes
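A HijackThis log is line-oriented: each entry starts with a section tag (R0/R1 for IE start and search pages, O2 for BHOs, O3 for toolbars, O4 for Run keys and startup items, O16 for ActiveX downloads, O23 for services), followed by a name, usually a CLSID, and a file path. When reading a log like the one above, the first pass is mechanical: pull out entries whose file is gone (`(file missing)`, `(no file)`), entries with no name, services with no publisher, and Run keys that carry no full path. The following parser is an added example, not code from BleepingComputer, Trend Micro or the helpers in this thread; the sample lines are copied from the log above, and the triage rules are my own assumptions about what an analyst reviews first, so a flag means "look at this", not "this is malware" (the `RTHDCPL.EXE` Run entry is a legitimate Realtek item that still gets flagged for a bare filename).

```python
"""Parse HijackThis-format log lines and flag entries that merit a closer look.

Added example (not part of the original thread). The triage rules below are
assumptions about an analyst's first pass; a flag is a review prompt only.
"""
import re
from dataclasses import dataclass
from typing import Optional

# A HijackThis entry looks like "<section> - <body>", e.g. "O2 - BHO: Name - {CLSID} - path".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")

# Sample lines taken from the log posted above (constructed subset for the demo).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Application Updater - Unknown owner - C:\Program Files\Application Updater\ApplicationUpdater.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


@dataclass(frozen=True)
class Entry:
    section: str            # e.g. "O2"
    body: str               # everything after "O2 - "
    clsid: Optional[str]    # first {GUID} found in the body, if any
    flags: tuple            # triage flags from classify()


def classify(section: str, body: str) -> tuple:
    """Return triage flags for one entry (assumed first-pass rules, not HijackThis logic)."""
    low = body.lower()
    flags = []
    if "(file missing)" in low or "(no file)" in low:
        flags.append("orphaned")        # registry still references a file that is gone
    if "(no name)" in low:
        flags.append("unnamed")         # hook/BHO with no friendly name
    if section == "O23" and "unknown owner" in low:
        flags.append("unknown-owner")   # service with no publisher string
    if section == "O4" and "\\..\\run:" in low and not DRIVE_PATH_RE.search(body):
        flags.append("no-full-path")    # Run key with a bare filename (or garbage)
    return tuple(flags)


def parse_log(text: str) -> list:
    """Turn the log text into Entry objects; non-entry lines (header, process list) are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        c = CLSID_RE.search(body)
        entries.append(Entry(section, body, c.group(0) if c else None, classify(section, body)))
    return entries


def triage(text: str) -> dict:
    """Group flagged entries by flag so the reviewer sees the short list first."""
    report = {}
    for e in parse_log(text):
        for flag in e.flags:
            report.setdefault(flag, []).append(f"{e.section} - {e.body}")
    return report


if __name__ == "__main__":
    for flag, lines in sorted(triage(SAMPLE_LOG).items()):
        print(f"[{flag}]")
        for line in lines:
            print("   ", line)
```

Run it as a script to see the grouped review list, or call `triage()` on the full text of a saved log. Entries with no flags (the Adobe BHO, the AVG tray item) drop out of the report, which is the point: the reviewer spends time on the handful of orphaned, unnamed or publisher-less items rather than re-reading every line.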



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:42 PM

Posted 28 May 2010 - 06:09 AM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have
since resolved your issues I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks



#3 Papa Steve

Papa Steve
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:42 PM

Posted 28 May 2010 - 10:02 AM

I understand how busy everyone is, and I thank all of you for taking the time to help us poor souls who have messed up our computers. By the way, this morning I find that my Windows Firewall is now blocking this forum. I had to turn off the Firewall to get access. Here are the reports you requested:

OTL logfile created on: 5/28/2010 10:51:55 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 59.18 Gb Free Space | 25.41% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 68.52 Gb Free Space | 29.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 135.41 Gb Free Space | 29.07% Space Free | Partition Type: NTFS
Drive I: | 232.88 Gb Total Space | 71.70 Gb Free Space | 30.79% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 131.47 Gb Free Space | 28.23% Space Free | Partition Type: NTFS

Computer Name: HOME-83214D20D8
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/28 10:49:57 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
PRC - [2010/05/25 17:54:57 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/25 17:54:56 | 001,314,704 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/04 05:31:50 | 003,464,128 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2010/04/22 09:29:37 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/22 09:29:33 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/01 09:51:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/22 12:50:20 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/13 10:17:18 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/13 10:17:15 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/13 10:16:55 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/13 10:16:55 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/26 16:44:34 | 000,113,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mail\wlmail.exe
PRC - [2008/12/09 16:09:30 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EasySaver\essvr.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/24 20:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2008/06/24 19:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2008/06/24 19:52:18 | 001,325,848 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/06/03 01:30:53 | 000,054,624 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\shellmon.exe
PRC - [2008/06/03 01:30:53 | 000,039,264 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\waol.exe
PRC - [2008/01/22 12:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 12:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/12/17 01:08:15 | 002,168,920 | ---- | M] (Novosoft LLC) -- C:\Program Files\Novosoft\Handy Backup\hbagent.exe
PRC - [2007/07/27 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 21:03:16 | 000,811,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Airlink101\AWLL3028\RtWLan.exe
PRC - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 17:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
PRC - [2004/06/04 08:54:00 | 000,212,992 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2003/10/24 00:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0a\Distillr\acrotray.exe
PRC - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/05/28 10:49:57 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
MOD - [2010/02/04 14:17:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp1.dll
MOD - [2008/06/03 01:30:49 | 000,006,144 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\idleproc.dll
MOD - [2007/07/27 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2007/07/27 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2007/03/14 18:12:04 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\AOL 9.1\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [Auto | Stopped] -- -- (Application Updater)
SRV - [2010/05/25 17:54:56 | 001,314,704 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/13 10:17:15 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/13 10:16:55 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/09 16:09:30 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2010/05/28 06:29:12 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/04/23 12:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys -- (AnyDVD)
DRV - [2010/04/22 09:29:33 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/13 10:17:18 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/13 10:16:55 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/03 00:52:08 | 004,605,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/01 13:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/08/03 18:21:01 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/08/03 18:21:01 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2009/08/03 18:20:50 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/08/03 18:20:46 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/08/27 05:22:24 | 004,754,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/25 23:28:10 | 003,684,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008/08/07 07:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/05/18 17:48:22 | 000,238,208 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AmdPPM.sys -- (AmdPPM)
DRV - [2007/04/10 17:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VX3000.sys -- (VX3000)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002/10/03 15:42:02 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.aol.com/
IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SYSTEM32\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query="


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/22 12:51:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 17:36:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/18 13:51:14 | 000,000,000 | ---D | M]

[2009/07/09 14:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2010/05/26 20:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions
[2010/05/18 13:51:21 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/03/23 00:44:56 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/05/15 20:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions\artur.dubovoy@gmail.com
[2010/05/18 16:24:16 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\searchplugins\aol-search.xml
[2009/10/30 16:00:39 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\searchplugins\bing.xml
[2010/05/26 17:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 14:12:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/16 14:12:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/24 16:50:54 | 000,000,766 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (URLHooker2 Class) - {93935F7F-9C88-42F8-8445-95251D27FABC} - C:\PROGRA~1\FLASHV~1\URLHOO~1.DLL File not found
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll File not found
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll File not found
O3 - HKU\S-1-5-21-1960408961-583907252-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1960408961-583907252-725345543-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1960408961-583907252-725345543-1003..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKU\S-1-5-21-1960408961-583907252-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1960408961-583907252-725345543-1003..\Run: [EPSON Stylus Photo R380 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-583907252-725345543-1003..\Run: [Handy Backup] C:\Program Files\Novosoft\Handy Backup\hbagent.exe (Novosoft LLC)
O4 - HKU\S-1-5-21-1960408961-583907252-725345543-1003..\Run: [LeechGet] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Airlink101 USB Wireless Configuration Utility.lnk = C:\Program Files\Airlink101\AWLL3028\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\System32\spool\drivers\w32x86\3\E_SRCV02.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk = C:\Program Files\CASIO\Ploader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\System32\sistray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0a\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Airlink101 USB Wireless Configuration Utility.lnk = C:\Program Files\Airlink101\AWLL3028\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Steve\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O4 - Startup: C:\Documents and Settings\Steve Binns\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Download using LeechGet - C:\Program Files\LeechGet 2004\AddUrl.html ()
O8 - Extra context menu item: Download using LeechGet Wizard - C:\Program Files\LeechGet 2004\Wizard.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Parse with LeechGet - C:\Program Files\LeechGet 2004\Parser.html ()
O15 - HKU\S-1-5-21-1960408961-583907252-725345543-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (MetaStreamCtl Class)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/st...geUploader5.cab (Image Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1262902684484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1262902675453 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\hblogon: DllName - hblogon.dll - File not found
O24 - Desktop WallPaper: C:\Images\Hubble Telescope\2004-10-a-1152a.bmp
O24 - Desktop BackupWallPaper: C:\Images\Hubble Telescope\2004-10-a-1152a.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/21 13:22:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/08/21 07:43:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O32 - AutoRun File - [2007/05/21 09:51:54 | 000,000,000 | ---D | M] - C:\autographs -- [ NTFS ]
O32 - AutoRun File - [2009/03/30 06:32:46 | 000,000,288 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{91ff2bc5-3902-11df-9cff-00038a000015}\Shell\AutoRun\command - "" = J:\install.bat -- File not found
O33 - MountPoints2\{ecccf052-efe7-11de-9c73-00212f2dd5eb}\Shell\AutoRun\command - "" = J:\install.bat -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\ias [2009/05/19 20:37:09 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/28 10:49:57 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/05/26 12:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/26 11:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\Yahoo
[2010/05/26 11:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
[2010/05/26 11:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2010/05/26 11:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Yahoo!
[2010/05/26 11:32:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/25 23:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/05/25 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\BHODemon 2
[2010/05/25 17:57:23 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/05/25 17:57:08 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/25 17:47:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/25 17:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/25 17:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2010/05/25 16:13:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steve\Recent
[2010/05/25 13:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro
[2010/05/25 13:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/25 02:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\RegRun2
[2010/05/25 02:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Simply Super Software
[2010/05/24 22:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\scan0001
[2010/05/24 17:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/05/24 17:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Malwarebytes
[2010/05/24 17:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/05/24 14:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/05/23 10:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\DivX
[2010/05/23 10:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/05/23 10:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
[2010/05/19 23:01:06 | 001,872,821 | ---- | C] (Red Hat) -- C:\WINDOWS\System32\cygwin1.dll
[2010/05/19 23:01:05 | 000,487,479 | ---- | C] (Appspeed Inc.) -- C:\WINDOWS\System32\SkinMagic.dll
[2010/05/19 21:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Digiarty
[2010/05/19 21:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2010/05/18 23:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Any DVD Converter Professional
[2010/05/18 22:58:35 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/18 22:58:35 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvid.ax
[2010/05/18 22:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo
[2010/05/18 22:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\DVD2AVI Ripper
[2010/05/18 22:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/05/18 13:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
[2010/05/18 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/05/18 13:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
[2010/05/18 13:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\AOL
[2010/05/18 13:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.5
[2010/05/18 13:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
[2010/05/18 00:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Xilisoft Corporation
[2010/05/18 00:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Xilisoft Corporation
[2010/05/17 17:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\AVS4YOU
[2010/05/17 17:44:59 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2010/05/17 17:44:59 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010/05/17 17:44:59 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/05/17 17:44:59 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010/05/17 17:44:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/05/17 17:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/05/17 17:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
[2010/05/15 20:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\FVD Suite
[2010/05/15 20:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\FVDToolbar
[2010/05/15 20:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\FVDToolbar
[2010/05/14 16:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Apowersoft
[2010/05/07 22:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2010/05/07 22:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Topaz Labs
[2010/05/07 22:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
[2010/05/06 20:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2010/05/06 20:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia
[2010/05/03 19:41:30 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/05/03 19:40:26 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/05/03 19:39:40 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/05/03 19:39:40 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/05/03 19:39:39 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/05/03 19:39:39 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/05/02 23:44:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2010/05/02 23:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/13 11:01:36 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2013/08/13 10:48:50 | 000,011,079 | -H-- | M] () -- C:\Program Files\folder.htt
[2010/05/28 10:51:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-583907252-725345543-1003.job
[2010/05/28 10:51:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-583907252-725345543-1003.job
[2010/05/28 10:49:57 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/05/28 08:49:54 | 060,464,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/28 07:35:52 | 000,051,412 | ---- | M] () -- C:\VETlog.dmp
[2010/05/28 07:34:53 | 000,000,854 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/28 07:14:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\prvlcl.dat
[2010/05/28 06:33:35 | 000,462,786 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/28 06:33:35 | 000,391,716 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/28 06:33:35 | 000,062,694 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/28 06:32:41 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/28 06:29:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/28 06:29:12 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/05/28 06:29:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/28 06:29:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/28 01:36:05 | 015,466,496 | ---- | M] () -- C:\Documents and Settings\Steve\ntuser.dat
[2010/05/28 01:35:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve\ntuser.ini
[2010/05/28 00:33:40 | 000,000,183 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/27 21:09:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/27 15:10:08 | 000,000,014 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/05/26 13:43:17 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\HiJackThis.lnk
[2010/05/25 21:43:53 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2010/05/25 20:45:08 | 000,020,528 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/25 20:43:11 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/25 17:57:02 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/25 17:56:57 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/25 15:03:23 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\PBS KIDS.url
[2010/05/25 14:17:19 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/25 03:06:04 | 004,268,576 | -H-- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\IconCache.db
[2010/05/25 02:58:18 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/25 02:58:18 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/25 02:58:18 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/05/25 02:57:41 | 000,001,407 | ---- | M] () -- C:\WINDOWS\PKZIPW.INI
[2010/05/24 21:38:48 | 000,106,332 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\scan0001.zip
[2010/05/24 17:32:06 | 000,067,584 | ---- | M] () -- C:\WINDOWS\System32\klgd.bmp
[2010/05/24 17:32:06 | 000,010,218 | ---- | M] () -- C:\WINDOWS\System32\rof
[2010/05/24 16:50:54 | 000,000,766 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/05/24 14:27:14 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/05/23 16:15:09 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/20 03:18:17 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\Steve\default.pls
[2010/05/18 13:55:40 | 000,000,724 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk
[2010/05/18 13:30:01 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/15 21:00:41 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010/05/13 13:00:45 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\v.2009.s01e11.lnk
[2010/05/12 11:26:41 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Moyea YouTube FLV Downloader.lnk
[2010/05/08 00:14:54 | 000,003,714 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/05/06 20:42:16 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\SolveigMM AVI Trimmer.lnk
[2010/05/06 09:23:45 | 000,027,245 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\visConfi.pdf
[2010/05/05 13:10:13 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AnyDVD.lnk
[2010/05/03 20:16:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/03 20:09:59 | 000,472,159 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/26 12:53:25 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\HiJackThis.lnk
[2010/05/25 18:16:48 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/25 17:58:32 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/25 17:47:09 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2010/05/25 13:57:41 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/25 02:58:18 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/05/24 21:38:40 | 000,106,332 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\scan0001.zip
[2010/05/24 17:32:06 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\klgd.bmp
[2010/05/24 17:32:06 | 000,010,218 | ---- | C] () -- C:\WINDOWS\System32\rof
[2010/05/24 14:27:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/05/19 23:01:06 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2010/05/18 13:55:40 | 000,000,724 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2010/05/13 13:00:45 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\v.2009.s01e11.lnk
[2010/05/12 11:26:41 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Moyea YouTube FLV Downloader.lnk
[2010/05/07 23:45:41 | 015,466,496 | ---- | C] () -- C:\Documents and Settings\Steve\ntuser.dat
[2010/05/06 20:42:16 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\SolveigMM AVI Trimmer.lnk
[2010/05/06 09:23:45 | 000,027,245 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\visConfi.pdf
[2010/04/27 12:45:53 | 000,000,071 | ---- | C] () -- C:\WINDOWS\PrintCD.INI
[2009/10/06 13:30:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2009/10/06 13:24:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ip2.INI
[2009/09/24 18:40:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/08/30 21:27:02 | 000,000,124 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/22 11:34:06 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/07/22 11:34:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/07/02 12:35:54 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2009/05/21 00:39:06 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C57EC832B1.sys
[2009/05/20 23:51:23 | 000,003,714 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/05/20 23:40:53 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2009/05/20 22:26:48 | 000,001,154 | ---- | C] () -- C:\WINDOWS\hmpro6.INI
[2009/05/20 21:52:09 | 000,003,271 | ---- | C] () -- C:\WINDOWS\sqkp40.ini
[2009/05/20 21:52:08 | 000,029,008 | ---- | C] () -- C:\WINDOWS\System32\helphelp.dll
[2009/05/20 21:52:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\kwimage.dll
[2009/05/20 17:38:09 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/05/20 17:15:38 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/05/20 17:13:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EP_SPR380.ini
[2009/05/20 16:59:57 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009/05/20 16:12:52 | 000,000,183 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/20 15:39:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/05/20 15:39:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/05/20 15:39:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/05/20 15:39:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/05/20 15:39:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/05/20 15:39:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/05/20 15:39:18 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2009/05/20 14:21:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/20 01:25:03 | 000,001,407 | ---- | C] () -- C:\WINDOWS\PKZIPW.INI
[2008/01/12 18:00:01 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/07/27 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2010/02/02 23:40:36 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\ATIDEMGX.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/05/19 20:42:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav
[2009/05/19 20:42:04 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
[2009/05/19 20:42:04 | 000,909,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
[2005/12/06 08:04:04 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:A573813D9A8E391B
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FB1B13D8
< End of report >

OTL Extras logfile created on: 5/28/2010 10:51:55 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 59.18 Gb Free Space | 25.41% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 68.52 Gb Free Space | 29.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 135.41 Gb Free Space | 29.07% Space Free | Partition Type: NTFS
Drive I: | 232.88 Gb Total Space | 71.70 Gb Free Space | 30.79% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 131.47 Gb Free Space | 28.23% Space Free | Partition Type: NTFS

Computer Name: HOME-83214D20D8
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1071:TCP" = 1071:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\InterVideo\DVD6\WinDVD.exe" = C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\WS_FTP\ws_ftp95.exe" = C:\Program Files\WS_FTP\ws_ftp95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe" = C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe:*:Enabled:Firefox -- File not found
"C:\Documents and Settings\Steve\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Steve\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL 9.1 -- (AOL, LLC.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Nero\Nero 9\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 9\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- File not found
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.1208.1
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1A48AB8A-DA88-545F-9D3D-C481DC6C31A3}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{257DEF70-A302-CF80-79FE-D8C72EB5E4D0}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2CF6349E-8A3F-B726-F59A-8703FC8885E8}" = Catalyst Control Center Graphics Light
"{2FB2169F-04D8-FFC0-6A66-80EE652B93A5}" = Catalyst Control Center InstallProxy
"{302126A2-BB96-5931-6249-CAACA2C89AA1}" = ccc-core-static
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B9EFDF8-AC4F-CA21-9A8C-7534D49E7EE9}" = Catalyst Control Center HydraVision Full
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{68CC54AC-EFE5-4CE4-81F8-BE0C834E2D86}" = Mobile Broadband Generic Drivers
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855AA20A-CA81-7EF1-1936-AE4AA3DC4BEA}" = ccc-core-preinstall
"{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3
"{889457D5-7B32-4939-A775-D6FF973B40E9}" = Airlink101 USB Wireless Configuration Utility
"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}" = Topaz Simplify 3
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BB86C70-E1EF-7457-46DC-0093B5269458}" = ATI Catalyst Install Manager
"{9E146BA1-26DD-4C3B-9F0F-90F2E3CEC9D2}" = Topaz DeJpeg 4
"{9FDC7042-CB9F-4336-A14C-DF10F53762E2}" = Topaz Adjust 4
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9867BC9-0EAD-BAC6-C320-4FBC2E127643}" = Catalyst Control Center Core Implementation
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}" = Topaz Detail 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Premium
"{D0E6B5D9-6737-AF3E-7BE5-7327DD6B6002}" = Catalyst Control Center Graphics Previews Common
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D60AC312-F99D-48AC-AD6E-D1FEE33648BA}" = Topaz DeNoise 4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4C82E4B-CD9E-27ED-BC6A-E099DE3EC3ED}" = CCC Help English
"{E7231089-60AD-CD67-8CC0-B0F415E2A32A}" = Catalyst Control Center Graphics Full New
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FF1309E5-B4DF-4D39-B6A3-9D7112382988}" = LBT Preschool Adventure
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"3DGroove" = 3D Groove Playback Engine
"Ad-Aware" = Ad-Aware
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Alarm_is1" = Alarm 2.0.4
"Any Video Converter_is1" = Any Video Converter 3.0.5
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"BR - Race and Nicole" = BR - Race and Nicole
"cam2pc" = cam2pc Freeware Edition (remove only)
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"EPSON Printer and Utilities" = EPSON Printer Software
"Family Tree Maker 2010" = Family Tree Maker 2010
"FreshDevices - FreshDiagnose_is1" = FreshDiagnose
"Handy Backup" = Handy Backup 5.8.2.0
"HijackThis" = HijackThis 2.0.2
"HoTMetaLPRO6" = SoftQuad HoTMetaL PRO 6.0
"HTMLProtector" = HTMLProtector
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"LeechGet 2004_is1" = LeechGet 2004 Version 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 12.0" = RealPlayer
"Silent Package Run-Time Sample" = EPSON Stylus Photo R380 User's Guide
"SoftQuad HoTMetaL Site Maker Database" = SoftQuad HoTMetaL Site Maker Database
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"SSC Service Utility_is1" = SSC Service Utility v4.30
"Tweak UI 2.10" = Tweak UI
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1960408961-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/26/2010 9:49:52 AM | Computer Name = HOME-83214D20D8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/26/2010 9:49:52 AM | Computer Name = HOME-83214D20D8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/26/2010 9:55:46 AM | Computer Name = HOME-83214D20D8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/26/2010 9:55:46 AM | Computer Name = HOME-83214D20D8 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/26/2010 3:08:13 PM | Computer Name = HOME-83214D20D8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/26/2010 3:46:39 PM | Computer Name = HOME-83214D20D8 | Source = Application Error | ID = 1005
Description = Windows cannot access the file F:\INSTALL.EXE for one of the following
reasons: there is a problem with the network connection, the disk that the file
is stored on, or the storage drivers installed on this computer; or the disk is
missing. Windows closed the program Installation Manager because of this error.

Program:
Installation Manager File: F:\INSTALL.EXE The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C000009C Disk type: 5

Error - 5/26/2010 3:46:40 PM | Computer Name = HOME-83214D20D8 | Source = Application Error | ID = 1000
Description = Faulting application install.exe, version 1.0.1.6, faulting module
install.exe, version 1.0.1.6, fault address 0x0001b5a0.

Error - 5/27/2010 6:28:35 PM | Computer Name = HOME-83214D20D8 | Source = Application Error | ID = 1000
Description = Faulting application realupgrade.exe, version 1.0.2.110, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 5/27/2010 9:52:19 PM | Computer Name = HOME-83214D20D8 | Source = LifeCam | ID = 0
Description =

Error - 5/27/2010 9:52:20 PM | Computer Name = HOME-83214D20D8 | Source = LifeCam | ID = 0
Description =

[ System Events ]
Error - 5/27/2010 6:26:41 AM | Computer Name = HOME-83214D20D8 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/27/2010 6:26:58 AM | Computer Name = HOME-83214D20D8 | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error: %%2

Error - 5/27/2010 6:26:58 AM | Computer Name = HOME-83214D20D8 | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 5/27/2010 6:26:58 AM | Computer Name = HOME-83214D20D8 | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 5/27/2010 8:44:52 PM | Computer Name = HOME-83214D20D8 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/28/2010 6:29:15 AM | Computer Name = HOME-83214D20D8 | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error: %%2

Error - 5/28/2010 6:29:15 AM | Computer Name = HOME-83214D20D8 | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 5/28/2010 6:29:15 AM | Computer Name = HOME-83214D20D8 | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 5/28/2010 6:29:26 AM | Computer Name = HOME-83214D20D8 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/28/2010 6:29:26 AM | Computer Name = HOME-83214D20D8 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:42 PM

Posted 28 May 2010 - 10:27 AM

Hi Papa Steve,


Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
    SRV - File not found [Auto | Stopped] -- -- (Application Updater)
    IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
    O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll File not found
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll File not found
    O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll File not found
    O4 - HKLM..\Run: [GEST] File not found
    O4 - HKU\S-1-5-21-1960408961-583907252-725345543-1003..\Run: [LeechGet] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\System32\spool\drivers\w32x86\3\E_SRCV02.EXE File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\System32\sistray.exe File not found
    O20 - Winlogon\Notify\hblogon: DllName - hblogon.dll - File not found
    O32 - AutoRun File - [2009/03/30 06:32:46 | 000,000,288 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{91ff2bc5-3902-11df-9cff-00038a000015}\Shell\AutoRun\command - "" = J:\install.bat -- File not found
    O33 - MountPoints2\{ecccf052-efe7-11de-9c73-00212f2dd5eb}\Shell\AutoRun\command - "" = J:\install.bat -- File not found
    [2010/05/25 02:58:18 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
    [2010/05/24 17:32:06 | 000,067,584 | ---- | M] () -- C:\WINDOWS\System32\klgd.bmp
    [2010/05/24 17:32:06 | 000,010,218 | ---- | M] () -- C:\WINDOWS\System32\rof
    @Alternate Data Stream - 24 bytes -> C:\WINDOWS:A573813D9A8E391B
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FB1B13D8
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Download and Run Rooter SD

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator...
  • Allow it to run when you get a Security Warning.
  • At the main control page, please click the green button.
  • It will now begin to scan, please be patient. The scan should not take more than 3 minutes.
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter$\Rooter_1.txt
  • Now push the button to close Rooter.
  • Please post the contents of that log file here in your next reply.



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • Rooter_1.txt
  • mbr.log

Thanks



#5 Papa Steve

Papa Steve
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:42 PM

Posted 28 May 2010 - 11:52 AM

Here's the results as you requested:

******-----------------------------------

All processes killed
========== OTL ==========
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
Registry value HKEY_USERS\S-1-5-21-1960408961-583907252-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7327C09-B521-4EDB-8509-7D2660C9EC98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1960408961-583907252-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\LeechGet deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hblogon\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91ff2bc5-3902-11df-9cff-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91ff2bc5-3902-11df-9cff-00038a000015}\ not found.
File J:\install.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecccf052-efe7-11de-9c73-00212f2dd5eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecccf052-efe7-11de-9c73-00212f2dd5eb}\ not found.
File J:\install.bat not found.
C:\WINDOWS\winstart.bat moved successfully.
C:\WINDOWS\SYSTEM32\klgd.bmp moved successfully.
File C:\WINDOWS\System32\rof@Alternate Data Stream - 24 bytes -> C:\WINDOWS:A573813D9A8E391B not found.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CB0AACC9 deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FB1B13D8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1436234 bytes
->Temporary Internet Files folder emptied: 820373 bytes

User: All Users
->Flash cache emptied: 35 bytes

User: All Users.WINDOWS
->Flash cache emptied: 35 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 9130477 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 204637 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 161225440 bytes
->Flash cache emptied: 20387 bytes

User: Steve
->Temp folder emptied: 577729288 bytes
->Temporary Internet Files folder emptied: 5992338 bytes
->Java cache emptied: 6770242 bytes
->FireFox cache emptied: 86579273 bytes
->Flash cache emptied: 824785 bytes

User: Steve Binns
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 19638263 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2170638 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37683967 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 5370121906 bytes

Total Files Cleaned = 5,990.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users
->Flash cache emptied: 0 bytes

User: All Users.WINDOWS
->Flash cache emptied: 0 bytes

User: Default User

User: Default User.WINDOWS

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY
->Flash cache emptied: 0 bytes

User: Steve
->Flash cache emptied: 0 bytes

User: Steve Binns

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05282010_122146

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Steve\Local Settings\Temp\~DF52FA.tmp not found!
File\Folder C:\Documents and Settings\Steve\Local Settings\Temp\~DF651A.tmp not found!
C:\Documents and Settings\Steve\Local Settings\Temp\~DF6F10.tmp moved successfully.
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\YJSMLZPT\topic319384[1].htm moved successfully.
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\L2AM1D6E\iframe[1].htm moved successfully.

Registry entries deleted on Reboot...

******-----------------------------------------------

OTL logfile created on: 5/28/2010 12:31:51 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 60.02 Gb Free Space | 25.77% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 68.52 Gb Free Space | 29.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 135.41 Gb Free Space | 29.07% Space Free | Partition Type: NTFS
Drive I: | 232.88 Gb Total Space | 74.40 Gb Free Space | 31.95% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 133.76 Gb Free Space | 28.72% Space Free | Partition Type: NTFS

Computer Name: HOME-83214D20D8
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/28 10:49:57 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
PRC - [2010/05/25 17:54:57 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/25 17:54:56 | 001,314,704 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/04 05:31:50 | 003,464,128 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2010/04/22 09:29:37 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/22 09:29:33 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/01 09:51:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/22 12:50:20 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/13 10:17:18 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/13 10:17:15 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/13 10:16:55 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/13 10:16:55 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/18 09:58:00 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/12/09 16:09:30 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EasySaver\essvr.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/24 20:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2008/06/24 19:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2008/06/24 19:52:18 | 001,325,848 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/06/03 01:30:53 | 000,054,624 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\shellmon.exe
PRC - [2008/06/03 01:30:53 | 000,039,264 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\waol.exe
PRC - [2008/01/22 12:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 12:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/12/17 01:08:15 | 002,168,920 | ---- | M] (Novosoft LLC) -- C:\Program Files\Novosoft\Handy Backup\hbagent.exe
PRC - [2007/07/27 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 21:03:16 | 000,811,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Airlink101\AWLL3028\RtWLan.exe
PRC - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 17:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
PRC - [2004/06/04 08:54:00 | 000,212,992 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2003/10/24 00:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0a\Distillr\acrotray.exe
PRC - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/05/28 10:49:57 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
MOD - [2010/02/04 14:17:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp1.dll
MOD - [2007/07/27 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2007/07/27 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/25 17:54:56 | 001,314,704 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/13 10:17:15 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/13 10:16:55 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/09 16:09:30 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2010/05/28 12:26:08 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/04/23 12:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys -- (AnyDVD)
DRV - [2010/04/22 09:29:33 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/13 10:17:18 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/13 10:16:55 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/03 00:52:08 | 004,605,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/01 13:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/08/03 18:21:01 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/08/03 18:21:01 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2009/08/03 18:20:50 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/08/03 18:20:46 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/08/27 05:22:24 | 004,754,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/25 23:28:10 | 003,684,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008/08/07 07:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/05/18 17:48:22 | 000,238,208 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AmdPPM.sys -- (AmdPPM)
DRV - [2007/04/10 17:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VX3000.sys -- (VX3000)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002/10/03 15:42:02 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.aol.com/
IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SYSTEM32\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-1960408961-583907252-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query="


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/22 12:51:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 17:36:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/18 13:51:14 | 000,000,000 | ---D | M]

[2009/07/09 14:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2010/05/26 20:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions
[2010/05/18 13:51:21 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/03/23 00:44:56 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/05/15 20:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions\artur.dubovoy@gmail.com
[2010/05/18 16:24:16 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\searchplugins\aol-search.xml
[2009/10/30 16:00:39 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\searchplugins\bing.xml
[2010/05/26 17:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 14:12:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/16 14:12:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/24 16:50:54 | 000,000,766 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (URLHooker2 Class) - {93935F7F-9C88-42F8-8445-95251D27FABC} - C:\PROGRA~1\FLASHV~1\URLHOO~1.DLL File not found
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1960408961-583907252-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1960408961-583907252-725345543-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1960408961-583907252-725345543-1003..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKU\S-1-5-21-1960408961-583907252-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1960408961-583907252-725345543-1003..\Run: [EPSON Stylus Photo R380 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-583907252-725345543-1003..\Run: [Handy Backup] C:\Program Files\Novosoft\Handy Backup\hbagent.exe (Novosoft LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Airlink101 USB Wireless Configuration Utility.lnk = C:\Program Files\Airlink101\AWLL3028\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk = C:\Program Files\CASIO\Ploader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0a\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Airlink101 USB Wireless Configuration Utility.lnk = C:\Program Files\Airlink101\AWLL3028\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Steve\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O4 - Startup: C:\Documents and Settings\Steve Binns\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-583907252-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1960408961-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Download using LeechGet - C:\Program Files\LeechGet 2004\AddUrl.html ()
O8 - Extra context menu item: Download using LeechGet Wizard - C:\Program Files\LeechGet 2004\Wizard.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Parse with LeechGet - C:\Program Files\LeechGet 2004\Parser.html ()
O15 - HKU\S-1-5-21-1960408961-583907252-725345543-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (MetaStreamCtl Class)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/st...geUploader5.cab (Image Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1262902684484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1262902675453 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Images\Hubble Telescope\2004-10-a-1152a.bmp
O24 - Desktop BackupWallPaper: C:\Images\Hubble Telescope\2004-10-a-1152a.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/21 13:22:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/08/21 07:43:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O32 - AutoRun File - [2007/05/21 09:51:54 | 000,000,000 | ---D | M] - C:\autographs -- [ NTFS ]
O32 - AutoRun File - [2010/05/28 12:04:40 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/28 12:04:40 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/28 12:04:40 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/28 12:04:41 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/30 06:32:46 | 000,000,288 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/28 12:21:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/28 12:04:40 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/05/28 10:49:57 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/05/26 12:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/26 11:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\Yahoo
[2010/05/26 11:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
[2010/05/26 11:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2010/05/26 11:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Yahoo!
[2010/05/26 11:32:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/25 23:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/05/25 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\BHODemon 2
[2010/05/25 17:57:23 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/05/25 17:57:08 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/25 17:47:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/25 17:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/25 17:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2010/05/25 16:13:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steve\Recent
[2010/05/25 13:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro
[2010/05/25 13:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/25 02:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\RegRun2
[2010/05/25 02:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Simply Super Software
[2010/05/24 22:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\scan0001
[2010/05/24 17:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/05/24 17:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Malwarebytes
[2010/05/24 17:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/05/24 14:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/05/23 10:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\DivX
[2010/05/23 10:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/05/23 10:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
[2010/05/19 23:01:06 | 001,872,821 | ---- | C] (Red Hat) -- C:\WINDOWS\System32\cygwin1.dll
[2010/05/19 23:01:05 | 000,487,479 | ---- | C] (Appspeed Inc.) -- C:\WINDOWS\System32\SkinMagic.dll
[2010/05/19 21:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Digiarty
[2010/05/19 21:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2010/05/18 23:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Any DVD Converter Professional
[2010/05/18 22:58:35 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/18 22:58:35 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvid.ax
[2010/05/18 22:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo
[2010/05/18 22:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\DVD2AVI Ripper
[2010/05/18 22:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/05/18 13:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
[2010/05/18 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/05/18 13:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
[2010/05/18 13:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\AOL
[2010/05/18 13:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.5
[2010/05/18 13:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
[2010/05/18 00:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Xilisoft Corporation
[2010/05/18 00:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Xilisoft Corporation
[2010/05/17 17:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\AVS4YOU
[2010/05/17 17:44:59 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2010/05/17 17:44:59 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010/05/17 17:44:59 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/05/17 17:44:59 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010/05/17 17:44:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/05/17 17:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/05/17 17:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
[2010/05/15 20:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\FVD Suite
[2010/05/15 20:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\FVDToolbar
[2010/05/15 20:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\FVDToolbar
[2010/05/14 16:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Apowersoft
[2010/05/07 22:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2010/05/07 22:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Topaz Labs
[2010/05/07 22:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
[2010/05/06 20:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2010/05/06 20:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia
[2010/05/03 19:41:30 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/05/03 19:40:26 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/05/03 19:39:40 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/05/03 19:39:40 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/05/03 19:39:39 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/05/03 19:39:39 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/05/02 23:44:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2010/05/02 23:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode

========== Files - Modified Within 30 Days ==========

[2013/08/13 11:01:36 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2013/08/13 10:48:50 | 000,011,079 | -H-- | M] () -- C:\Program Files\folder.htt
[2010/05/28 12:31:49 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-583907252-725345543-1003.job
[2010/05/28 12:31:48 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-583907252-725345543-1003.job
[2010/05/28 12:30:18 | 000,462,786 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/28 12:30:18 | 000,391,716 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/28 12:30:18 | 000,062,694 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/28 12:30:04 | 000,050,101 | ---- | M] () -- C:\VETlog.dmp
[2010/05/28 12:28:24 | 000,000,854 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/28 12:27:42 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/28 12:26:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/28 12:26:08 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/05/28 12:26:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/28 12:25:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/28 12:24:25 | 015,466,496 | ---- | M] () -- C:\Documents and Settings\Steve\ntuser.dat
[2010/05/28 12:24:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve\ntuser.ini
[2010/05/28 11:54:48 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Flash_Disinfector.exe
[2010/05/28 10:49:57 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/05/28 08:49:54 | 060,464,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/28 07:14:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\prvlcl.dat
[2010/05/28 00:33:40 | 000,000,183 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/27 21:09:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/27 15:10:08 | 000,000,014 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/05/26 13:43:17 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\HiJackThis.lnk
[2010/05/25 21:43:53 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2010/05/25 20:45:08 | 000,020,528 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/25 20:43:11 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/25 17:57:02 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/25 17:56:57 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/25 15:03:23 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\PBS KIDS.url
[2010/05/25 14:17:19 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/25 03:06:04 | 004,268,576 | -H-- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\IconCache.db
[2010/05/25 02:58:18 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/25 02:58:18 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/25 02:57:41 | 000,001,407 | ---- | M] () -- C:\WINDOWS\PKZIPW.INI
[2010/05/24 21:38:48 | 000,106,332 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\scan0001.zip
[2010/05/24 17:32:06 | 000,010,218 | ---- | M] () -- C:\WINDOWS\System32\rof
[2010/05/24 16:50:54 | 000,000,766 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/05/24 14:27:14 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/05/23 16:15:09 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/20 03:18:17 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\Steve\default.pls
[2010/05/18 13:55:40 | 000,000,724 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk
[2010/05/18 13:30:01 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/15 21:00:41 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010/05/13 13:00:45 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\v.2009.s01e11.lnk
[2010/05/12 11:26:41 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Moyea YouTube FLV Downloader.lnk
[2010/05/08 00:14:54 | 000,003,714 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/05/06 20:42:16 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\SolveigMM AVI Trimmer.lnk
[2010/05/06 09:23:45 | 000,027,245 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\visConfi.pdf
[2010/05/05 13:10:13 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AnyDVD.lnk
[2010/05/03 20:16:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/03 20:09:59 | 000,472,159 | ---- | M] () -- C:\WINDOWS\iis6.BAK

========== Files Created - No Company Name ==========

[2010/05/28 11:54:48 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Flash_Disinfector.exe
[2010/05/26 12:53:25 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\HiJackThis.lnk
[2010/05/25 18:16:48 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/25 17:58:32 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/25 17:47:09 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2010/05/25 13:57:41 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/24 21:38:40 | 000,106,332 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\scan0001.zip
[2010/05/24 17:32:06 | 000,010,218 | ---- | C] () -- C:\WINDOWS\System32\rof
[2010/05/24 14:27:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/05/19 23:01:06 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2010/05/18 13:55:40 | 000,000,724 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2010/05/13 13:00:45 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\v.2009.s01e11.lnk
[2010/05/12 11:26:41 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Moyea YouTube FLV Downloader.lnk
[2010/05/07 23:45:41 | 015,466,496 | ---- | C] () -- C:\Documents and Settings\Steve\ntuser.dat
[2010/05/06 20:42:16 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\SolveigMM AVI Trimmer.lnk
[2010/05/06 09:23:45 | 000,027,245 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\visConfi.pdf
[2010/04/27 12:45:53 | 000,000,071 | ---- | C] () -- C:\WINDOWS\PrintCD.INI
[2009/10/06 13:30:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2009/10/06 13:24:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ip2.INI
[2009/09/24 18:40:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/08/30 21:27:02 | 000,000,124 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/22 11:34:06 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/07/22 11:34:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/07/02 12:35:54 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2009/05/21 00:39:06 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C57EC832B1.sys
[2009/05/20 23:51:23 | 000,003,714 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/05/20 23:40:53 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2009/05/20 22:26:48 | 000,001,154 | ---- | C] () -- C:\WINDOWS\hmpro6.INI
[2009/05/20 21:52:09 | 000,003,271 | ---- | C] () -- C:\WINDOWS\sqkp40.ini
[2009/05/20 21:52:08 | 000,029,008 | ---- | C] () -- C:\WINDOWS\System32\helphelp.dll
[2009/05/20 21:52:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\kwimage.dll
[2009/05/20 17:38:09 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/05/20 17:15:38 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/05/20 17:13:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EP_SPR380.ini
[2009/05/20 16:59:57 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009/05/20 16:12:52 | 000,000,183 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/20 15:39:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/05/20 15:39:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/05/20 15:39:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/05/20 15:39:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/05/20 15:39:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/05/20 15:39:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/05/20 15:39:18 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2009/05/20 14:21:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/20 01:25:03 | 000,001,407 | ---- | C] () -- C:\WINDOWS\PKZIPW.INI
[2008/01/12 18:00:01 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/07/27 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:A573813D9A8E391B
< End of report >

******-----------------------------------------

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 16 Model 2 Stepping 3, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.6.3 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:232 Go - Free:60 Go )
D:\ [Fixed-NTFS] .. ( Total:232 Go - Free:68 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
G:\ [Removable]
H:\ [Fixed-NTFS] .. ( Total:465 Go - Free:135 Go )
I:\ [Fixed-NTFS] .. ( Total:232 Go - Free:74 Go )
J:\ [Fixed-NTFS] .. ( Total:465 Go - Free:133 Go )
.
Scan : 12:39.08
Path : C:\Documents and Settings\Steve\Desktop\Rooter.exe
User : Steve ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (824)
______ \??\C:\WINDOWS\system32\csrss.exe (1152)
______ \??\C:\WINDOWS\system32\winlogon.exe (1188)
______ C:\WINDOWS\system32\services.exe (1236)
______ C:\WINDOWS\system32\lsass.exe (1248)
______ C:\WINDOWS\system32\Ati2evxx.exe (1428)
______ C:\WINDOWS\system32\svchost.exe (1452)
______ C:\WINDOWS\system32\svchost.exe (1568)
______ C:\WINDOWS\System32\svchost.exe (1716)
______ C:\WINDOWS\system32\svchost.exe (1796)
______ C:\WINDOWS\system32\Ati2evxx.exe (1960)
______ C:\Program Files\AVG\AVG9\avgchsvx.exe (1972)
______ C:\Program Files\AVG\AVG9\avgrsx.exe (1980)
______ C:\WINDOWS\system32\svchost.exe (432)
______ C:\Program Files\AVG\AVG9\avgcsrvx.exe (456)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (892)
______ C:\WINDOWS\system32\spoolsv.exe (980)
______ C:\WINDOWS\system32\svchost.exe (1396)
______ C:\Program Files\AVG\AVG9\avgwdsvc.exe (1956)
______ C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE (316)
______ C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE (884)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1552)
______ C:\Program Files\Microsoft LifeCam\MSCamS32.exe (1840)
______ C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (2172)
______ C:\WINDOWS\system32\svchost.exe (2308)
______ C:\WINDOWS\wanmpsvc.exe (2384)
______ C:\WINDOWS\Explorer.EXE (2436)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2548)
______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (2668)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3156)
______ C:\Program Files\AVG\AVG9\avgemc.exe (3172)
______ C:\Program Files\AVG\AVG9\avgnsx.exe (3228)
______ C:\Program Files\AVG\AVG9\avgcsrvx.exe (3464)
______ C:\WINDOWS\system32\wbem\unsecapp.exe (3640)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3828)
______ C:\WINDOWS\System32\alg.exe (3840)
______ C:\WINDOWS\RTHDCPL.EXE (1920)
______ C:\WINDOWS\vVX3000.exe (3912)
______ C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (3920)
______ C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (3928)
______ C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (2496)
______ C:\PROGRA~1\AVG\AVG9\avgtray.exe (3956)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (2844)
______ C:\Program Files\Common Files\Java\Java Update\jusched.exe (3984)
______ C:\Program Files\Messenger\msmsgs.exe (3988)
______ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (4004)
______ C:\WINDOWS\system32\ctfmon.exe (4000)
______ C:\Program Files\Skype\Phone\Skype.exe (4016)
______ C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (4024)
______ C:\Program Files\Novosoft\Handy Backup\hbagent.exe (900)
______ C:\Program Files\Adobe\Acrobat 6.0a\Distillr\acrotray.exe (1148)
______ C:\Program Files\Airlink101\AWLL3028\RtWLan.exe (1556)
______ C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (1824)
______ C:\WINDOWS\system32\wscntfy.exe (2092)
______ C:\Program Files\AOL 9.1\waol.exe (2332)
______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (2456)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (2300)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (1912)
______ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (5040)
______ C:\WINDOWS\System32\svchost.exe (4664)
______ C:\Program Files\Skype\Plugin Manager\skypePM.exe (2348)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (2224)
______ C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (6060)
______ C:\WINDOWS\system32\wuauclt.exe (5484)
______ C:\Program Files\AOL 9.1\shellmon.exe (1792)
______ C:\Program Files\Internet Explorer\iexplore.exe (3856)
______ C:\Program Files\Internet Explorer\iexplore.exe (5812)
______ C:\Documents and Settings\Steve\Desktop\Rooter.exe (1932)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:250056705024)
\Device\Harddisk0\Partition2 (Start_Offset:250056737280 | Length:250048512000)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-583907252-725345543-1003.job
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-583907252-725345543-1003.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\Steve\Favorites\CRACK SEARCH ENGINE - crack , serial, keygens, patches..url
C:\DOCUME~1\Steve\Favorites\CRACK SEARCH ENGINE - crack , serial, keygens, patches..url
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 12:39.20
.
C:\Rooter$\Rooter_1.txt - (28/05/2010 | 12:39.20).c

******-----------------------------------

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x899EAD01]<<
kernel: MBR read successfully
user & kernel MBR OK

******---------------------------------------

THANK YOU for your help !!!

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 28 May 2010 - 11:58 AM

You're welcome.
  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



#7 Papa Steve

Papa Steve
  • Topic Starter

  • Members
  • 9 posts

Posted 29 May 2010 - 09:41 AM

Good Morning Syler,

Just wanted to let you know that I have been trying to run the GMER tool. So far it has crashed my computer 4 times. I am currently running it a 5th time. It has been running for almost 10 hours. It is presently scanning my Program Files area. It has only gotten this far once before, before it crashed the computer. The "crashes" consist of completely, instantly shutting off the computer.

So far the only thing in the log file is whatever it writes at the beginning of the scan. Nothing has been added since. There are 13 entries defined as ".text" that describe a "ntdll.dll" instance which describes a "JMP" condition. I have no idea what this means. I hope that it finishes so I can post the log file.

Papa Steve

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 29 May 2010 - 11:23 AM

Hi Papa Steve,

Can you try running it again, but this time untick all the boxes on the right, except for sections.



#9 Papa Steve

Papa Steve
  • Topic Starter

  • Members
  • 9 posts

Posted 29 May 2010 - 12:32 PM

I got GMER to run with just SECTIONS being ticked. Here's the file:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-29 13:02:16
Windows 5.1.2600 Service Pack 2
Running: kjjfkxjw.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\fwryrpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB4FA9000, 0x22F0B7, 0xE8000020]
.rsrc C:\WINDOWS\system32\DRIVERS\redbook.sys entry point in ".rsrc" section [0xBA273E94]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wuauclt.exe[468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\wuauclt.exe[468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\wuauclt.exe[468] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\Explorer.EXE[976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[976] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C1000C
.text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
.text C:\WINDOWS\System32\svchost.exe[1408] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\wuauclt.exe[5288] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\wuauclt.exe[5288] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\wuauclt.exe[5288] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C0000C

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\redbook.sys suspicious modification

---- EOF - GMER 1.0.15 ----

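As an added example (not code from the thread, from GMER or from OTL), here is a small Python parser for the "User code sections" block of the GMER log above: it extracts each hooked export, groups the hooks per process, and counts how many processes carry the identical hook set, which is the pattern visible above (the same three ntdll.dll exports patched in wuauclt.exe, Explorer.EXE and svchost.exe) and suggests one component injected system-wide rather than per-application hooks. The regular expression, the distance threshold in detour_leaves_module and the sample text (assembled from the log lines posted above) are my assumptions.

```python
import re
from collections import defaultdict

# One entry of GMER's "User code sections" block, e.g.:
# .text C:\WINDOWS\system32\wuauclt.exe[468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
USER_HOOK_RE = re.compile(
    r"^(?P<section>\.\w+)\s+"                  # PE section holding the patched code
    r"(?P<image>.+?)\[(?P<pid>\d+)\]\s+"        # process image path and PID
    r"(?P<module>[^\s!]+)!(?P<symbol>\S+)\s+"   # hooked module!export
    r"(?P<address>[0-9A-Fa-f]+)\s+"            # address of the overwritten bytes
    r"(?P<length>\d+)\s+Bytes\s+"              # number of bytes overwritten
    r"(?P<patch>\S+)\s+"                       # instruction GMER recognised (JMP, ...)
    r"(?P<target>[0-9A-Fa-f]+)\s*$"            # where the detour lands
)

# Constructed sample: the user-mode hook lines from the GMER log above, wrapped in the
# section headers GMER emits, so the parser has to locate the right block itself.
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-29 13:02:16

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB4FA9000, 0x22F0B7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wuauclt.exe[468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\wuauclt.exe[468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\wuauclt.exe[468] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\Explorer.EXE[976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[976] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C1000C
.text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
.text C:\WINDOWS\System32\svchost.exe[1408] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\wuauclt.exe[5288] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\wuauclt.exe[5288] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\wuauclt.exe[5288] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C0000C

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\redbook.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""


def parse_user_hooks(log_text):
    """Return one dict per hook line found in the 'User code sections' block."""
    hooks, in_user_block = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("---- "):           # every GMER block starts with "---- <name> ----"
            in_user_block = line.startswith("---- User code sections")
            continue
        m = USER_HOOK_RE.match(line) if in_user_block else None
        if m:
            d = m.groupdict()
            hooks.append({
                "section": d["section"], "image": d["image"], "pid": int(d["pid"]),
                "module": d["module"], "symbol": d["symbol"], "patch": d["patch"],
                "address": int(d["address"], 16), "length": int(d["length"]),
                "target": int(d["target"], 16),
            })
    return hooks


def detour_leaves_module(hook, module_span=0x100000):
    """Heuristic (assumed threshold): a JMP target more than one module's worth of
    address space away from the patched export lands outside the hooked DLL."""
    return abs(hook["target"] - hook["address"]) > module_span


def group_by_process(hooks):
    """Map (image, pid) -> sorted list of hooked 'module!export' names."""
    per_process = defaultdict(list)
    for h in hooks:
        per_process[(h["image"], h["pid"])].append(f'{h["module"]}!{h["symbol"]}')
    return {k: sorted(v) for k, v in per_process.items()}


def shared_hook_sets(per_process):
    """Count how many processes carry exactly the same set of hooked exports.
    The same set recurring across unrelated processes points at one component
    injected system-wide (a security product or malware); attribution comes next."""
    counts = defaultdict(int)
    for hooked in per_process.values():
        counts[tuple(hooked)] += 1
    return dict(counts)


if __name__ == "__main__":
    hooks = parse_user_hooks(SAMPLE_LOG)
    by_proc = group_by_process(hooks)
    for (image, pid), hooked in by_proc.items():
        print(f"{image} [{pid}]: {len(hooked)} hooks -> {', '.join(hooked)}")
    for hook_set, n in shared_hook_sets(by_proc).items():
        print(f"{n} process(es) share hook set {hook_set}")
```

Inline hooks on these exports are also installed by some security and sandboxing products, so the grouped output is a lead for attributing the hooking component, not a verdict on its own.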

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 29 May 2010 - 12:54 PM

Download TDLfix and save it to your desktop.
  • Close all the open windows.
  • Double-click TDLfix.exe to run the tool.
  • Type the following bold line into the command window and press Enter:
redbook
  • The application will restart the computer immediately and run after the restart.
  • Tell me if the computer rebooted and ran to completion.
Note: The tool currently only supports Windows XP.


  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
cmd /c "%userprofile%\desktop\mbr.exe" -t& start mbr.log
  • A file called mbr.log will pop up; please post the contents in your reply.



#11 Papa Steve

Papa Steve
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:42 PM

Posted 29 May 2010 - 01:08 PM

Yes, the computer rebooted and the program finished. Here is the new mbr.log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:42 PM

Posted 29 May 2010 - 01:13 PM

That's great, we have taken care of that. Please can you run OTL again and post the new log, thanks.



#13 Papa Steve

Papa Steve
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:42 PM

Posted 29 May 2010 - 01:27 PM

Here is the new OTL report:

OTL logfile created on: 5/29/2010 2:19:49 PM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 59.90 Gb Free Space | 25.72% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 68.52 Gb Free Space | 29.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 135.41 Gb Free Space | 29.07% Space Free | Partition Type: NTFS
Drive I: | 232.88 Gb Total Space | 74.40 Gb Free Space | 31.95% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 133.76 Gb Free Space | 28.72% Space Free | Partition Type: NTFS

Computer Name: HOME-83214D20D8
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/28 10:49:57 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
PRC - [2010/05/25 17:54:57 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/25 17:54:56 | 001,314,704 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/22 09:29:37 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/22 09:29:33 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/01 09:51:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/22 12:50:20 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/13 10:17:18 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/13 10:17:15 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/13 10:16:55 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/13 10:16:55 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/12/09 16:09:30 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EasySaver\essvr.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/24 20:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2008/06/24 19:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2008/06/24 19:52:18 | 001,325,848 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/01/22 12:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 12:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/12/17 01:08:15 | 002,168,920 | ---- | M] (Novosoft LLC) -- C:\Program Files\Novosoft\Handy Backup\hbagent.exe
PRC - [2007/07/27 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 21:03:16 | 000,811,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Airlink101\AWLL3028\RtWLan.exe
PRC - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 17:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
PRC - [2004/06/04 08:54:00 | 000,212,992 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2003/10/24 00:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0a\Distillr\acrotray.exe
PRC - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/05/28 10:49:57 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
MOD - [2007/07/27 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2007/07/27 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/25 17:54:56 | 001,314,704 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/13 10:17:15 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/13 10:16:55 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/09 16:09:30 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2010/05/29 14:01:31 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/04/23 12:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys -- (AnyDVD)
DRV - [2010/04/22 09:29:33 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/13 10:17:18 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/13 10:16:55 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/03 00:52:08 | 004,605,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/01 13:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/08/03 18:21:01 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/08/03 18:21:01 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2009/08/03 18:20:50 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/08/03 18:20:46 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/08/27 05:22:24 | 004,754,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/25 23:28:10 | 003,684,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008/08/07 07:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/05/18 17:48:22 | 000,238,208 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AmdPPM.sys -- (AmdPPM)
DRV - [2007/04/10 17:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VX3000.sys -- (VX3000)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002/10/03 15:42:02 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.aol.com/
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SYSTEM32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query="


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/22 12:51:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 17:36:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/18 13:51:14 | 000,000,000 | ---D | M]

[2009/07/09 14:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2010/05/26 20:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions
[2010/05/18 13:51:21 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/03/23 00:44:56 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/05/15 20:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions\artur.dubovoy@gmail.com
[2010/05/18 16:24:16 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\searchplugins\aol-search.xml
[2009/10/30 16:00:39 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\searchplugins\bing.xml
[2010/05/26 17:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 14:12:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/16 14:12:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/24 16:50:54 | 000,000,766 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (URLHooker2 Class) - {93935F7F-9C88-42F8-8445-95251D27FABC} - C:\PROGRA~1\FLASHV~1\URLHOO~1.DLL File not found
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON Stylus Photo R380 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Handy Backup] C:\Program Files\Novosoft\Handy Backup\hbagent.exe (Novosoft LLC)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0a\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Airlink101 USB Wireless Configuration Utility.lnk = C:\Program Files\Airlink101\AWLL3028\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Steve\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Download using LeechGet - C:\Program Files\LeechGet 2004\AddUrl.html ()
O8 - Extra context menu item: Download using LeechGet Wizard - C:\Program Files\LeechGet 2004\Wizard.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Parse with LeechGet - C:\Program Files\LeechGet 2004\Parser.html ()
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (MetaStreamCtl Class)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/st...geUploader5.cab (Image Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1262902684484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1262902675453 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Images\Hubble Telescope\2004-10-a-1152a.bmp
O24 - Desktop BackupWallPaper: C:\Images\Hubble Telescope\2004-10-a-1152a.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/21 13:22:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/08/21 07:43:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O32 - AutoRun File - [2007/05/21 09:51:54 | 000,000,000 | ---D | M] - C:\autographs -- [ NTFS ]
O32 - AutoRun File - [2010/05/28 12:04:40 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/28 12:04:40 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/28 12:04:40 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/28 12:04:41 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/30 06:32:46 | 000,000,288 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/29 14:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/29 14:01:36 | 000,000,000 | ---D | C] -- C:\vir
[2010/05/29 13:58:56 | 000,057,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tmpredbook.sys
[2010/05/29 13:58:56 | 000,000,000 | ---D | C] -- C:\backup
[2010/05/29 13:57:48 | 000,209,920 | ---- | C] (farbar) -- C:\Documents and Settings\Steve\Desktop\TDLfix.exe
[2010/05/28 12:39:13 | 000,000,000 | ---D | C] -- C:\Rooter$
[2010/05/28 12:36:19 | 000,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Steve\Desktop\Rooter.exe
[2010/05/28 12:21:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/28 12:04:40 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/05/28 10:49:57 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/05/26 12:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/26 11:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\Yahoo
[2010/05/26 11:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
[2010/05/26 11:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2010/05/26 11:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Yahoo!
[2010/05/26 11:32:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/25 23:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/05/25 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\BHODemon 2
[2010/05/25 17:57:23 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/05/25 17:57:08 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/25 17:47:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/25 17:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/25 17:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2010/05/25 16:13:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steve\Recent
[2010/05/25 13:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro
[2010/05/25 13:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/25 02:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\RegRun2
[2010/05/25 02:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Simply Super Software
[2010/05/24 22:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\scan0001
[2010/05/24 17:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/05/24 17:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Malwarebytes
[2010/05/24 17:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/05/24 14:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/05/23 10:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\DivX
[2010/05/23 10:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/05/23 10:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
[2010/05/19 23:01:06 | 001,872,821 | ---- | C] (Red Hat) -- C:\WINDOWS\System32\cygwin1.dll
[2010/05/19 23:01:05 | 000,487,479 | ---- | C] (Appspeed Inc.) -- C:\WINDOWS\System32\SkinMagic.dll
[2010/05/19 21:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Digiarty
[2010/05/19 21:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2010/05/18 23:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Any DVD Converter Professional
[2010/05/18 22:58:35 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/18 22:58:35 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvid.ax
[2010/05/18 22:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo
[2010/05/18 22:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\DVD2AVI Ripper
[2010/05/18 22:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/05/18 13:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
[2010/05/18 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/05/18 13:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
[2010/05/18 13:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\AOL
[2010/05/18 13:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.5
[2010/05/18 13:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
[2010/05/18 00:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Xilisoft Corporation
[2010/05/18 00:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Xilisoft Corporation
[2010/05/17 17:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\AVS4YOU
[2010/05/17 17:44:59 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2010/05/17 17:44:59 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010/05/17 17:44:59 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/05/17 17:44:59 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010/05/17 17:44:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/05/17 17:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/05/17 17:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
[2010/05/15 20:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\FVD Suite
[2010/05/15 20:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\FVDToolbar
[2010/05/15 20:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\FVDToolbar
[2010/05/14 16:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Apowersoft
[2010/05/07 22:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2010/05/07 22:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Topaz Labs
[2010/05/07 22:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
[2010/05/06 20:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2010/05/06 20:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia
[2010/05/03 19:41:30 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/05/03 19:40:26 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/05/03 19:39:40 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/05/03 19:39:40 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/05/03 19:39:39 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/05/03 19:39:39 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/05/02 23:44:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2010/05/02 23:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode

========== Files - Modified Within 30 Days ==========

[2013/08/13 11:01:36 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2013/08/13 10:48:50 | 000,011,079 | -H-- | M] () -- C:\Program Files\folder.htt
[2010/05/29 14:18:39 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-583907252-725345543-1003.job
[2010/05/29 14:18:38 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-583907252-725345543-1003.job
[2010/05/29 14:17:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/29 14:05:53 | 000,462,786 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/29 14:05:53 | 000,391,716 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/29 14:05:53 | 000,062,694 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/29 14:03:23 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/29 14:01:31 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/05/29 14:01:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/29 14:01:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/29 14:00:07 | 015,466,496 | ---- | M] () -- C:\Documents and Settings\Steve\ntuser.dat
[2010/05/29 13:59:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve\ntuser.ini
[2010/05/29 13:58:57 | 000,002,826 | ---- | M] () -- C:\redbook.reg
[2010/05/29 13:57:48 | 000,209,920 | ---- | M] (farbar) -- C:\Documents and Settings\Steve\Desktop\TDLfix.exe
[2010/05/29 13:00:07 | 000,049,891 | ---- | M] () -- C:\VETlog.dmp
[2010/05/29 12:58:28 | 000,000,854 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/28 13:12:33 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\kjjfkxjw.exe
[2010/05/28 12:40:53 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\mbr.exe
[2010/05/28 12:36:19 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Steve\Desktop\Rooter.exe
[2010/05/28 11:54:48 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Flash_Disinfector.exe
[2010/05/28 10:49:57 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/05/28 08:49:54 | 060,464,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/28 07:14:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\prvlcl.dat
[2010/05/28 00:33:40 | 000,000,183 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/27 21:09:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/27 15:10:08 | 000,000,014 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/05/26 13:43:17 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\HiJackThis.lnk
[2010/05/25 21:43:53 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2010/05/25 20:45:08 | 000,020,528 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/25 20:43:11 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/25 17:57:02 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/25 17:56:57 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/25 15:03:23 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\PBS KIDS.url
[2010/05/25 14:17:19 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/25 03:06:04 | 004,268,576 | -H-- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\IconCache.db
[2010/05/25 02:58:18 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/25 02:58:18 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/25 02:57:41 | 000,001,407 | ---- | M] () -- C:\WINDOWS\PKZIPW.INI
[2010/05/24 21:38:48 | 000,106,332 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\scan0001.zip
[2010/05/24 17:32:06 | 000,010,218 | ---- | M] () -- C:\WINDOWS\System32\rof
[2010/05/24 16:50:54 | 000,000,766 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/05/24 14:27:14 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/05/23 16:15:09 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/20 03:18:17 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\Steve\default.pls
[2010/05/18 13:55:40 | 000,000,724 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk
[2010/05/18 13:30:01 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/15 21:00:41 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010/05/13 13:00:45 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\v.2009.s01e11.lnk
[2010/05/12 11:26:41 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Moyea YouTube FLV Downloader.lnk
[2010/05/08 00:14:54 | 000,003,714 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/05/06 20:42:16 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\SolveigMM AVI Trimmer.lnk
[2010/05/06 09:23:45 | 000,027,245 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\visConfi.pdf
[2010/05/05 13:10:13 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AnyDVD.lnk
[2010/05/03 20:16:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/03 20:09:59 | 000,472,159 | ---- | M] () -- C:\WINDOWS\iis6.BAK

========== Files Created - No Company Name ==========

[2010/05/29 14:06:19 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\Steve\mbr.log
[2010/05/29 13:58:57 | 000,002,826 | ---- | C] () -- C:\redbook.reg
[2010/05/28 13:12:33 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\kjjfkxjw.exe
[2010/05/28 12:40:53 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\mbr.exe
[2010/05/28 11:54:48 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Flash_Disinfector.exe
[2010/05/26 12:53:25 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\HiJackThis.lnk
[2010/05/25 18:16:48 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/25 17:58:32 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/25 17:47:09 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2010/05/25 13:57:41 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/24 21:38:40 | 000,106,332 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\scan0001.zip
[2010/05/24 17:32:06 | 000,010,218 | ---- | C] () -- C:\WINDOWS\System32\rof
[2010/05/24 14:27:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/05/19 23:01:06 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2010/05/18 13:55:40 | 000,000,724 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2010/05/13 13:00:45 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\v.2009.s01e11.lnk
[2010/05/12 11:26:41 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Moyea YouTube FLV Downloader.lnk
[2010/05/07 23:45:41 | 015,466,496 | ---- | C] () -- C:\Documents and Settings\Steve\ntuser.dat
[2010/05/06 20:42:16 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\SolveigMM AVI Trimmer.lnk
[2010/05/06 09:23:45 | 000,027,245 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\visConfi.pdf
[2010/04/27 12:45:53 | 000,000,071 | ---- | C] () -- C:\WINDOWS\PrintCD.INI
[2009/10/06 13:30:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2009/10/06 13:24:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ip2.INI
[2009/09/24 18:40:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/08/30 21:27:02 | 000,000,124 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/22 11:34:06 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/07/22 11:34:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/07/02 12:35:54 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2009/05/21 00:39:06 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C57EC832B1.sys
[2009/05/20 23:51:23 | 000,003,714 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/05/20 23:40:53 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2009/05/20 22:26:48 | 000,001,154 | ---- | C] () -- C:\WINDOWS\hmpro6.INI
[2009/05/20 21:52:09 | 000,003,271 | ---- | C] () -- C:\WINDOWS\sqkp40.ini
[2009/05/20 21:52:08 | 000,029,008 | ---- | C] () -- C:\WINDOWS\System32\helphelp.dll
[2009/05/20 21:52:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\kwimage.dll
[2009/05/20 17:38:09 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/05/20 17:15:38 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/05/20 17:13:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EP_SPR380.ini
[2009/05/20 16:59:57 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009/05/20 16:12:52 | 000,000,183 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/20 15:39:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/05/20 15:39:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/05/20 15:39:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/05/20 15:39:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/05/20 15:39:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/05/20 15:39:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/05/20 15:39:18 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2009/05/20 14:21:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/20 01:25:03 | 000,001,407 | ---- | C] () -- C:\WINDOWS\PKZIPW.INI
[2008/01/12 18:00:01 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/07/27 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:A573813D9A8E391B
< End of report >


#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:42 PM

Posted 29 May 2010 - 01:43 PM

Please let me know in your next reply how the machine is running and if you are having any more problems.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
    O2 - BHO: (URLHooker2 Class) - {93935F7F-9C88-42F8-8445-95251D27FABC} - C:\PROGRA~1\FLASHV~1\URLHOO~1.DLL File not found
    O32 - AutoRun File - [2009/03/30 06:32:46 | 000,000,288 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
    [2010/05/29 14:01:36 | 000,000,000 | ---D | C] -- C:\vir
    [2010/05/29 13:58:56 | 000,057,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tmpredbook.sys
    [2010/05/29 13:58:56 | 000,000,000 | ---D | C] -- C:\backup
    [2010/05/29 13:57:48 | 000,209,920 | ---- | C] (farbar) -- C:\Documents and Settings\Steve\Desktop\TDLfix.exe
    [2010/05/24 17:32:06 | 000,010,218 | ---- | M] () -- C:\WINDOWS\System32\rof
    [2010/05/15 21:00:41 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
    @Alternate Data Stream - 24 bytes -> C:\WINDOWS:A573813D9A8E391B
    :files
    C:\documents and settings\Steve\Favorites\CRACK SEARCH ENGINE - crack , serial, keygens, patches..url
    C:\documents and settings\Steve\Favorites\CRACK SEARCH ENGINE - crack , serial, keygens, patches..url
    :Commands
    [Resethosts]
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • OTL results
  • New OTL log
  • ESET report

Thanks


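The fix script above is assembled by hand from the OTL log: two BHOs whose DLL or CLSID no longer exists, an Autorun.inf on a data drive, extensionless no-company files dropped into System32 (rof, -1), an alternate data stream hung off C:\WINDOWS, and a HOSTS file modified during the infection window (handled with [Resethosts] rather than listed). As an added example that is not part of this thread and not OTL's own code, the Python script below applies those same triage heuristics to OTL log lines and renders the hits in the :OTL / :Commands fix-script layout. The sample lines are copied from the logs in this thread; the reason codes, the regexes and the choice to flag hidden/system no-company files in System32 (such as KGyGaAvL.sys, which the helper did not remove) only for manual review are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List

# One OTL file/folder line, e.g.
#   [2010/05/24 17:32:06 | 000,010,218 | ---- | M] () -- C:\WINDOWS\System32\rof
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSDA]{4}) \| (?P<flag>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
BHO_LINE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
AUTORUN_LINE = re.compile(r"^O32 - AutoRun File - \[[^\]]*\] \([^)]*\) - (?P<path>.+?) -- ")

SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Finding:
    path: str
    reason: str   # example's own reason codes, not an OTL concept
    line: str     # the original OTL line, reusable verbatim under :OTL in a fix


def triage(log_text: str) -> List[Finding]:
    """Apply the triage heuristics to raw OTL log text and return the flagged entries."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := BHO_LINE.match(line):
            # A BHO whose DLL is gone or whose CLSID is unregistered is dead weight at best
            # and the residue of a removed toolbar or hijacker at worst.
            if "File not found" in m["target"] or "No CLSID value found" in m["target"]:
                findings.append(Finding(m["clsid"], "bho-missing-file", line))
        elif m := AUTORUN_LINE.match(line):
            # Autorun.inf on a fixed or USB data drive is a classic removable-media persistence hook.
            findings.append(Finding(m["path"], "autorun-inf", line))
        elif m := ADS_LINE.match(line):
            host = m["path"].rsplit(":", 1)[0]          # "C:\WINDOWS:stream" -> "C:\WINDOWS"
            if host.lower().startswith("c:\\windows"):
                findings.append(Finding(m["path"], "ads-on-system-dir", line))
        elif m := FILE_LINE.match(line):
            path, attrs, company = m["path"], m["attrs"], m["company"].strip()
            low = path.lower()
            name = low.rsplit("\\", 1)[-1]
            if "D" in attrs or not low.startswith(SYSTEM32):
                continue                                 # directories and non-System32 paths are out of scope
            if name == "hosts":
                findings.append(Finding(path, "hosts-modified", line))
            elif not company and "." not in name:
                findings.append(Finding(path, "system32-no-ext-no-company", line))
            elif not company and ("H" in attrs or "S" in attrs):
                # Often licensing/DRM data rather than malware: flag for review, not removal.
                findings.append(Finding(path, "system32-hidden-no-company", line))
    return findings


def build_fix_script(findings: List[Finding]) -> str:
    """Render findings in the layout pasted into OTL's Custom Scans/Fixes box."""
    otl_lines = [f.line for f in findings if f.reason != "hosts-modified"]
    out = [":OTL", *otl_lines]
    if any(f.reason == "hosts-modified" for f in findings):
        out += [":Commands", "[Resethosts]"]             # reset HOSTS instead of listing the file
    return "\n".join(out)


# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
O2 - BHO: (URLHooker2 Class) - {93935F7F-9C88-42F8-8445-95251D27FABC} - C:\PROGRA~1\FLASHV~1\URLHOO~1.DLL File not found
O32 - AutoRun File - [2009/03/30 06:32:46 | 000,000,288 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
[2010/05/24 17:32:06 | 000,010,218 | ---- | M] () -- C:\WINDOWS\System32\rof
[2010/05/15 21:00:41 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010/05/24 16:50:54 | 000,000,766 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/05/08 00:14:54 | 000,003,714 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/05/19 23:01:06 | 001,872,821 | ---- | C] (Red Hat) -- C:\WINDOWS\System32\cygwin1.dll
[2010/05/25 17:57:02 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:A573813D9A8E391B
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.reason:28} {f.path}")
    print()
    print(build_fix_script(hits))
```

The heuristics deliberately reproduce the judgement calls visible in the thread: a company name alone is not a clean bill of health (cygwin1.dll is legitimate here only because the user installed a converter that ships it), and a hidden no-company file in System32 is a review item, not an automatic delete, which is why the generated fix never lists such files without a human looking first.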

#15 Papa Steve

Papa Steve
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:42 PM

Posted 29 May 2010 - 05:59 PM

Hi Syler,

I can now go to this forum, with firewall enabled. I can now go to Microsoft Update. I no longer get redirected search engine results. So far no more sudden pop-up windows for strange websites. So for right now, this computer seems to be back in good health. You had me run the ESET Online Scanner. It found 3 threats. Am I to assume that this software is a good choice? Nothing else I have run, antivirus, spyware, adware or malware software ever found anything.

Here are the results that you requested:

*****************************

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93935F7F-9C88-42F8-8445-95251D27FABC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93935F7F-9C88-42F8-8445-95251D27FABC}\ deleted successfully.
J:\Autorun.inf moved successfully.
C:\vir folder moved successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\tmpredbook.sys moved successfully.
C:\backup folder moved successfully.
C:\Documents and Settings\Steve\Desktop\TDLfix.exe moved successfully.
C:\WINDOWS\SYSTEM32\rof moved successfully.
C:\WINDOWS\SYSTEM32\-1 moved successfully.
ADS C:\WINDOWS:A573813D9A8E391B deleted successfully.
========== FILES ==========
C:\documents and settings\Steve\Favorites\CRACK SEARCH ENGINE - crack , serial, keygens, patches..url moved successfully.
File\Folder C:\documents and settings\Steve\Favorites\CRACK SEARCH ENGINE - crack , serial, keygens, patches..url not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: All Users.WINDOWS
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 24175248 bytes
->Flash cache emptied: 1305 bytes

User: Steve
->Temp folder emptied: 878355 bytes
->Temporary Internet Files folder emptied: 4542048 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 671 bytes

User: Steve Binns
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 197091 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 28.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users
->Flash cache emptied: 0 bytes

User: All Users.WINDOWS
->Flash cache emptied: 0 bytes

User: Default User

User: Default User.WINDOWS

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY
->Flash cache emptied: 0 bytes

User: Steve
->Flash cache emptied: 0 bytes

User: Steve Binns

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05292010_144636

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Steve\Local Settings\Temp\~DF46B7.tmp not found!
File\Folder C:\Documents and Settings\Steve\Local Settings\Temp\~DF533A.tmp not found!
C:\Documents and Settings\Steve\Local Settings\Temp\~DF5916.tmp moved successfully.
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\DA0ILJ6Z\topic319384[1].htm moved successfully.
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\COH5BHTV\iframe[3].htm moved successfully.

Registry entries deleted on Reboot...

********************************

OTL logfile created on: 5/29/2010 2:54:40 PM - Run 4
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 59.93 Gb Free Space | 25.73% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 68.52 Gb Free Space | 29.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 135.41 Gb Free Space | 29.07% Space Free | Partition Type: NTFS
Drive I: | 232.88 Gb Total Space | 74.40 Gb Free Space | 31.95% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 133.76 Gb Free Space | 28.72% Space Free | Partition Type: NTFS

Computer Name: HOME-83214D20D8
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/28 10:49:57 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
PRC - [2010/05/25 17:54:57 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/25 17:54:56 | 001,314,704 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/22 09:29:37 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/22 09:29:33 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/01 09:51:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/22 12:50:20 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/13 10:17:18 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/13 10:17:15 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/13 10:16:55 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/13 10:16:55 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/18 09:58:00 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/12/09 16:09:30 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EasySaver\essvr.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/24 20:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2008/06/24 19:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2008/06/24 19:52:18 | 001,325,848 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/01/22 12:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 12:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/12/17 01:08:15 | 002,168,920 | ---- | M] (Novosoft LLC) -- C:\Program Files\Novosoft\Handy Backup\hbagent.exe
PRC - [2007/07/27 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 21:03:16 | 000,811,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Airlink101\AWLL3028\RtWLan.exe
PRC - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 17:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
PRC - [2004/06/04 08:54:00 | 000,212,992 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2003/10/24 00:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0a\Distillr\acrotray.exe
PRC - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/05/28 10:49:57 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
MOD - [2007/07/27 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2007/07/27 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/25 17:54:56 | 001,314,704 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/13 10:17:15 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/13 10:16:55 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/09 16:09:30 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2007/05/17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2010/05/29 14:49:11 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/04/23 12:31:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys -- (AnyDVD)
DRV - [2010/04/22 09:29:33 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/13 10:17:18 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/13 10:16:55 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/03 00:52:08 | 004,605,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/01 13:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/08/03 18:21:01 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/08/03 18:21:01 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2009/08/03 18:20:50 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/08/03 18:20:46 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/08/27 05:22:24 | 004,754,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/25 23:28:10 | 003,684,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008/08/07 07:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/05/18 17:48:22 | 000,238,208 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AmdPPM.sys -- (AmdPPM)
DRV - [2007/04/10 17:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VX3000.sys -- (VX3000)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002/10/03 15:42:02 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.aol.com/
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SYSTEM32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query="


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/22 12:51:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 17:36:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/18 13:51:14 | 000,000,000 | ---D | M]

[2009/07/09 14:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2010/05/26 20:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions
[2010/05/18 13:51:21 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/03/23 00:44:56 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/05/15 20:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\extensions\artur.dubovoy@gmail.com
[2010/05/18 16:24:16 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\searchplugins\aol-search.xml
[2009/10/30 16:00:39 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\5xky9pw9.default\searchplugins\bing.xml
[2010/05/26 17:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 14:12:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/16 14:12:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/29 14:46:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0a\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON Stylus Photo R380 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Handy Backup] C:\Program Files\Novosoft\Handy Backup\hbagent.exe (Novosoft LLC)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0a\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Airlink101 USB Wireless Configuration Utility.lnk = C:\Program Files\Airlink101\AWLL3028\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Steve\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Download using LeechGet - C:\Program Files\LeechGet 2004\AddUrl.html ()
O8 - Extra context menu item: Download using LeechGet Wizard - C:\Program Files\LeechGet 2004\Wizard.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Parse with LeechGet - C:\Program Files\LeechGet 2004\Parser.html ()
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (MetaStreamCtl Class)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/st...geUploader5.cab (Image Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1262902684484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1262902675453 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Images\Hubble Telescope\2004-10-a-1152a.bmp
O24 - Desktop BackupWallPaper: C:\Images\Hubble Telescope\2004-10-a-1152a.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/21 13:22:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/08/21 07:43:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O32 - AutoRun File - [2007/05/21 09:51:54 | 000,000,000 | ---D | M] - C:\autographs -- [ NTFS ]
O32 - AutoRun File - [2010/05/28 12:04:40 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/28 12:04:40 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/28 12:04:40 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/28 12:04:41 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/28 12:39:13 | 000,000,000 | ---D | C] -- C:\Rooter$
[2010/05/28 12:36:19 | 000,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Steve\Desktop\Rooter.exe
[2010/05/28 12:21:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/28 12:04:40 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/05/28 10:49:57 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/05/26 12:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/26 11:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\Yahoo
[2010/05/26 11:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
[2010/05/26 11:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2010/05/26 11:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Yahoo!
[2010/05/26 11:32:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/25 23:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/05/25 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\BHODemon 2
[2010/05/25 17:57:23 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/05/25 17:57:08 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/25 17:47:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/25 17:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/25 17:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2010/05/25 16:13:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steve\Recent
[2010/05/25 13:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro
[2010/05/25 13:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/05/25 02:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\RegRun2
[2010/05/25 02:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Simply Super Software
[2010/05/24 22:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\scan0001
[2010/05/24 17:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/05/24 17:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Malwarebytes
[2010/05/24 17:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/05/24 14:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/05/23 10:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\DivX
[2010/05/23 10:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/05/23 10:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
[2010/05/19 23:01:06 | 001,872,821 | ---- | C] (Red Hat) -- C:\WINDOWS\System32\cygwin1.dll
[2010/05/19 23:01:05 | 000,487,479 | ---- | C] (Appspeed Inc.) -- C:\WINDOWS\System32\SkinMagic.dll
[2010/05/19 21:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Digiarty
[2010/05/19 21:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2010/05/18 23:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Any DVD Converter Professional
[2010/05/18 22:58:35 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/18 22:58:35 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvid.ax
[2010/05/18 22:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo
[2010/05/18 22:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\DVD2AVI Ripper
[2010/05/18 22:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/05/18 13:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macromedia
[2010/05/18 13:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/05/18 13:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
[2010/05/18 13:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\AOL
[2010/05/18 13:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.5
[2010/05/18 13:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
[2010/05/18 00:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Xilisoft Corporation
[2010/05/18 00:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Xilisoft Corporation
[2010/05/17 17:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\AVS4YOU
[2010/05/17 17:44:59 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2010/05/17 17:44:59 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010/05/17 17:44:59 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/05/17 17:44:59 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010/05/17 17:44:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/05/17 17:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/05/17 17:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
[2010/05/15 20:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\FVD Suite
[2010/05/15 20:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\FVDToolbar
[2010/05/15 20:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\FVDToolbar
[2010/05/14 16:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Apowersoft
[2010/05/07 22:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2010/05/07 22:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Topaz Labs
[2010/05/07 22:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
[2010/05/06 20:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2010/05/06 20:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia
[2010/05/03 19:41:30 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/05/03 19:40:26 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/05/03 19:39:40 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/05/03 19:39:40 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/05/03 19:39:39 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/05/03 19:39:39 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/05/02 23:44:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2010/05/02 23:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode

========== Files - Modified Within 30 Days ==========

[2013/08/13 11:01:36 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2013/08/13 10:48:50 | 000,011,079 | -H-- | M] () -- C:\Program Files\folder.htt
[2010/05/29 14:53:19 | 000,462,786 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/29 14:53:19 | 000,391,716 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/29 14:53:19 | 000,062,694 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/29 14:49:31 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-583907252-725345543-1003.job
[2010/05/29 14:49:30 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-583907252-725345543-1003.job
[2010/05/29 14:49:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/29 14:49:11 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/05/29 14:49:10 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/29 14:49:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/29 14:49:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/29 14:47:35 | 015,466,496 | ---- | M] () -- C:\Documents and Settings\Steve\ntuser.dat
[2010/05/29 14:47:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve\ntuser.ini
[2010/05/29 14:46:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/05/29 13:58:57 | 000,002,826 | ---- | M] () -- C:\redbook.reg
[2010/05/29 13:00:07 | 000,049,891 | ---- | M] () -- C:\VETlog.dmp
[2010/05/29 12:58:28 | 000,000,854 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/28 13:12:33 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\kjjfkxjw.exe
[2010/05/28 12:40:53 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\mbr.exe
[2010/05/28 12:36:19 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Steve\Desktop\Rooter.exe
[2010/05/28 11:54:48 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Flash_Disinfector.exe
[2010/05/28 10:49:57 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/05/28 08:49:54 | 060,464,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/28 07:14:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\prvlcl.dat
[2010/05/28 00:33:40 | 000,000,183 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/27 21:09:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/27 15:10:08 | 000,000,014 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/05/26 13:43:17 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\HiJackThis.lnk
[2010/05/25 21:43:53 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2010/05/25 20:45:08 | 000,020,528 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/25 20:43:11 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/25 17:57:02 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/25 17:56:57 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/25 15:03:23 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\PBS KIDS.url
[2010/05/25 14:17:19 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/25 03:06:04 | 004,268,576 | -H-- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\IconCache.db
[2010/05/25 02:58:18 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/25 02:58:18 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/25 02:57:41 | 000,001,407 | ---- | M] () -- C:\WINDOWS\PKZIPW.INI
[2010/05/24 21:38:48 | 000,106,332 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\scan0001.zip
[2010/05/24 14:27:14 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/05/23 16:15:09 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/20 03:18:17 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\Steve\default.pls
[2010/05/18 13:55:40 | 000,000,724 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk
[2010/05/18 13:30:01 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/13 13:00:45 | 000,000,563 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\v.2009.s01e11.lnk
[2010/05/12 11:26:41 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Moyea YouTube FLV Downloader.lnk
[2010/05/08 00:14:54 | 000,003,714 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/05/06 20:42:16 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\SolveigMM AVI Trimmer.lnk
[2010/05/06 09:23:45 | 000,027,245 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\visConfi.pdf
[2010/05/05 13:10:13 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AnyDVD.lnk
[2010/05/03 20:16:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/03 20:09:59 | 000,472,159 | ---- | M] () -- C:\WINDOWS\iis6.BAK

========== Files Created - No Company Name ==========

[2010/05/29 14:06:19 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\Steve\mbr.log
[2010/05/29 13:58:57 | 000,002,826 | ---- | C] () -- C:\redbook.reg
[2010/05/28 13:12:33 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\kjjfkxjw.exe
[2010/05/28 12:40:53 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\mbr.exe
[2010/05/28 11:54:48 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Flash_Disinfector.exe
[2010/05/26 12:53:25 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\HiJackThis.lnk
[2010/05/25 18:16:48 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/25 17:58:32 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/25 17:47:09 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2010/05/25 13:57:41 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/05/24 21:38:40 | 000,106,332 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\scan0001.zip
[2010/05/24 14:27:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/05/19 23:01:06 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2010/05/18 13:55:40 | 000,000,724 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2010/05/13 13:00:45 | 000,000,563 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\v.2009.s01e11.lnk
[2010/05/12 11:26:41 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Moyea YouTube FLV Downloader.lnk
[2010/05/07 23:45:41 | 015,466,496 | ---- | C] () -- C:\Documents and Settings\Steve\ntuser.dat
[2010/05/06 20:42:16 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\SolveigMM AVI Trimmer.lnk
[2010/05/06 09:23:45 | 000,027,245 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\visConfi.pdf
[2010/04/27 12:45:53 | 000,000,071 | ---- | C] () -- C:\WINDOWS\PrintCD.INI
[2009/10/06 13:30:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2009/10/06 13:24:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ip2.INI
[2009/09/24 18:40:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/08/30 21:27:02 | 000,000,124 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/22 11:34:06 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/07/22 11:34:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/07/02 12:35:54 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2009/05/21 00:39:06 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C57EC832B1.sys
[2009/05/20 23:51:23 | 000,003,714 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/05/20 23:40:53 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2009/05/20 22:26:48 | 000,001,154 | ---- | C] () -- C:\WINDOWS\hmpro6.INI
[2009/05/20 21:52:09 | 000,003,271 | ---- | C] () -- C:\WINDOWS\sqkp40.ini
[2009/05/20 21:52:08 | 000,029,008 | ---- | C] () -- C:\WINDOWS\System32\helphelp.dll
[2009/05/20 21:52:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\kwimage.dll
[2009/05/20 17:38:09 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/05/20 17:15:38 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/05/20 17:13:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EP_SPR380.ini
[2009/05/20 16:59:57 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009/05/20 16:12:52 | 000,000,183 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/20 15:39:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/05/20 15:39:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/05/20 15:39:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/05/20 15:39:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/05/20 15:39:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/05/20 15:39:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/05/20 15:39:18 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2009/05/20 14:21:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/20 01:25:03 | 000,001,407 | ---- | C] () -- C:\WINDOWS\PKZIPW.INI
[2008/01/12 18:00:01 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/07/27 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >

***************************

C:\Program Files\America Online 8.0\MediaPlayer\setup.exe probably a variant of Win32/Agent trojan
C:\RECYCLER\S-1-5-21-2052111302-688789844-854245398-1003\Dc225.bak multiple threats
C:\_OTL\MovedFiles\05292010_144636\C_\vir\redbook.sys.old Win32/Olmarik.ZC trojan

***************************
