Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Drive By AV removal installed/partially removed


  • This topic is locked This topic is locked
15 replies to this topic

#1 linus12

linus12

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Location:California, Bay Area
  • Local time:01:51 PM

Posted 28 May 2010 - 03:15 PM

Son received a Bogus POP up AV (Anti-Virus) screen after going to a site deemed OK by friends. Suspect he got hit with a drive-by install from an "Ad". Was able to find the program using MSCONFIG and removed the running of the program. Also renamed the file with an extension of "XXXX" rather than "exe". Still have the file for analysis if needed.

Have run MalwareBytes Malware removal, it found a couple of items in the registry related to the AV installation and removed them. Have run the MalwareBytes program until it was clean.

Son does a lot of on-line gaming. PANDO was installed, it has been removed.

I have run DDS (Log file below) as well as Hijackthis (logfile below, and Attach.txt file attached).
Installed GMER per your instruction thread, however it aborts when trying to run and reboots the system.

I have tried to use System Restore to get back Registry, but it will not restore. always fails.
When Booting up the PC:
o The DHCP Client does not start so the network will not connect. Have to start it manually.
o The Themes Service does not start, so I have to start that manually.
o Speaker control does not show up, and the "RealTek HD Audio Monitor" indicates that "No Mixer" is installed. W
o While There is no "sound" from the speakers, the "RealTek HD Audio Monitor" can produce the test sounds and we can hear them through the speaker.
o The network seems to work ok, but the "Workgroup" is MSHOME rather than "WORKGROUP" which is what it was before.

System seems ok for about 10 mins, but then starts acting flaky. Programs like Notebook won't start, can't get to "properties" on My Computer. Task manager will not start.


Machine Specifics
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Name VI-M7560Y
System Manufacturer HP Pavilion 061
System Model EW175AV-ABA m7560y
System Type X86-based PC
Processor x86 Family 15 Model 6 Stepping 2 GenuineIntel ~3201 Mhz
Processor x86 Family 15 Model 6 Stepping 2 GenuineIntel ~3201 Mhz
BIOS Version/Date Phoenix Technologies, LTD 3.12, 4/17/2006
SMBIOS Version 2.4
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
User Name VI-M7560Y\Vi
Time Zone Pacific Daylight Time
Total Physical Memory 2,048.00 MB
Available Physical Memory 1.36 GB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 3.85 GB
Page File C:\pagefile.sys


----------------------------------------------------------------------------------------------------
DDS.Txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Vi at 13:02:05.75 on Fri 05/28/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1297 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Vi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
C:\Documents and Settings\Vi\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Downloads\HijackThis\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Google Update] "c:\documents and settings\vi\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP VoodooDNA Mouse] "c:\program files\hp laser gaming mouse with voodoodna\hid.exe"
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\vi\startm~1\programs\startup\google~1.lnk - c:\documents and settings\vi\local settings\application data\google\google talk, labs edition\GoogleTalkLabsEdition.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mbcame~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264138020595
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264138006501
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vi\applic~1\mozilla\firefox\profiles\5jed6s9i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\vi\application data\mozilla\firefox\profiles\5jed6s9i.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\vi\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\vi\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2009-9-16 127744]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-9 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-30 27784]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-31 297752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-6-2 1119888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-21 24652]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2006-6-2 82048]
R3 GamingMsFltr;HP Laser Mouse with VoodooDNA;c:\windows\system32\drivers\gamingms.sys [2009-12-14 10112]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-7-14 19720]
S3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\drivers\hcwhdpvr.sys [2009-9-16 157184]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;c:\windows\system32\drivers\hpusbwdm.sys [2004-1-5 1080832]
S3 XDva309;XDva309;\??\c:\windows\system32\xdva309.sys --> c:\windows\system32\XDva309.sys [?]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-16 192160]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-16 169632]

=============== Created Last 30 ================

2010-05-13 02:48:14 0 d-----w- c:\program files\Touhou
2010-05-13 02:37:41 0 d--h--w- c:\windows\PIF
2010-05-12 04:02:12 0 d-----w- c:\docume~1\vi\applic~1\LolClient
2010-05-09 01:49:16 0 d-----w- c:\program files\StarCraft II Beta
2010-05-09 01:04:12 0 d-----w- c:\program files\Starcraft2
2010-04-29 03:05:13 0 d-----w- c:\program files\iPod
2010-04-29 03:05:07 0 d-----w- c:\program files\iTunes
2010-04-29 02:58:05 0 d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 20:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-07 06:43:39 71140 ---ha-w- c:\windows\system32\mlfcache.dat
2006-06-10 05:40:28 22 --sha-w- c:\windows\sminst\HPCD.sys
2009-07-03 01:27:03 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-03 01:27:03 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-03 01:27:03 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 13:03:43.04 ===============

----------------------------------------------------------------------------------------------------

Hijackthis.log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:06:06 PM, on 5/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Vi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
C:\Documents and Settings\Vi\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP VoodooDNA Mouse] "C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Vi\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O4 - Global Startup: MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1264138020595
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1264138006501
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17284 bytes


Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:51 PM

Posted 31 May 2010 - 07:38 AM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have
since resolved your issues I would appreciate if you would let me no so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks

unite.jpg


#3 linus12

linus12
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Location:California, Bay Area
  • Local time:01:51 PM

Posted 31 May 2010 - 11:36 AM

Good morning Syler (or Good evening in your case smile.gif ) Glad you have time to work on my problem. I do understand you are busy, and my son and I are grateful for all the help you can give.

Just to let you know, we have done nothing to the computer since we posted the first request for help. While my son is going through his withdrawals from not being able to chat with his friends or play his games, he has been getting by on a laptop, so we have the computer all to ourselves for running checks and fixes. I am posting this from my computer, so we don't run into any additional issues.

I downloaded OTL and ran the scan with the additional commands. Here are the two output files.

Looking forward to your next post and thanks again!

Linus

P.S. I've been through this before about a year ago with my Daughter's computer and two years before that with one of mine, so I know the drill. Been working with these things for about 25 years now, but sometimes you just have to call in the experts!


OTL.TXT
OTL logfile created on: 5/31/2010 9:10:11 AM - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\Vi\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.11 Gb Total Space | 30.96 Gb Free Space | 13.82% Space Free | Partition Type: NTFS
Drive D: | 8.75 Gb Total Space | 0.55 Gb Free Space | 6.25% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 372.60 Gb Total Space | 210.32 Gb Free Space | 56.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 232.88 Gb Total Space | 130.54 Gb Free Space | 56.05% Space Free | Partition Type: NTFS

Computer Name: VI-M7560Y
Current User Name: Vi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/31 08:53:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vi\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 17:42:34 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/24 10:54:26 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/24 10:54:01 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/13 19:02:34 | 000,357,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2009/08/13 18:59:22 | 003,161,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2009/08/13 18:38:26 | 000,473,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2009/08/13 18:37:56 | 001,573,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2009/08/13 18:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009/08/13 18:37:34 | 000,523,784 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2009/08/13 18:37:24 | 000,676,360 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/03 15:04:22 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
PRC - [2008/08/01 10:55:40 | 000,323,584 | ---- | M] () -- C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe
PRC - [2008/07/31 16:35:04 | 000,303,104 | ---- | M] () -- C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
PRC - [2008/06/24 03:20:36 | 000,094,704 | ---- | M] (Google) -- C:\Documents and Settings\Vi\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/06/02 19:51:23 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/06/02 19:13:12 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/02/21 09:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/02/21 09:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/11/08 07:51:54 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
PRC - [2005/09/09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/08/26 18:14:44 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2004/08/09 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/31 08:53:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vi\Desktop\OTL.exe
MOD - [2009/09/27 19:20:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2009/09/24 00:45:14 | 001,624,680 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/09 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/24 10:54:01 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/12 17:19:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/06/02 19:51:23 | 001,119,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/05/15 18:24:33 | 002,086,592 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/05/15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/03/23 16:44:04 | 000,169,632 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/23 16:43:52 | 000,192,160 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/21 09:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/11/08 07:51:54 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)
SRV - [2005/09/09 19:09:28 | 002,066,024 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005/09/09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2004/12/13 15:30:08 | 000,079,472 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2002/12/17 10:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)


========== Driver Services (SafeList) ==========

DRV - [2010/01/24 17:28:17 | 000,139,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/10/02 14:46:00 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)
DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/24 10:54:26 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/24 10:54:26 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/14 16:35:30 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/04/01 05:57:00 | 000,157,184 | R--- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwhdpvr.sys -- (hcwhdpvr)
DRV - [2009/02/19 15:22:52 | 000,127,744 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ArcHlp.sys -- (archlp)
DRV - [2008/05/12 19:06:18 | 000,010,112 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gamingms.sys -- (GamingMsFltr)
DRV - [2007/07/09 11:58:26 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/07/09 11:58:26 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/02/17 03:22:30 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/06/08 23:22:41 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/06/08 21:57:09 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/04/20 07:35:16 | 000,082,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2006/03/08 06:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/21 09:44:30 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/11/08 07:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 07:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 07:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 07:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 07:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/09/09 19:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005/09/09 19:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005/06/29 10:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/02/04 11:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2004/01/05 11:01:20 | 001,080,832 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpusbwdm.sys -- (hpusbwdm)
DRV - [2003/11/05 00:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.80
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 11:53:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/01/04 21:37:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 11:55:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/27 23:03:36 | 000,000,000 | ---D | M]

[2008/12/15 17:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi\Application Data\Mozilla\Extensions
[2010/05/28 21:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions
[2010/05/28 12:06:13 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/16 19:09:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/28 12:06:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/28 12:06:12 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/01/08 20:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions\battlefieldheroespatcher@ea.com
[2010/04/13 18:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions\personas@christopher.beard
[2010/01/04 20:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/11/21 22:45:40 | 000,002,038 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml

O1 HOSTS File: ([2004/08/09 21:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP VoodooDNA Mouse] C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe ()
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Vi\Start Menu\Programs\Startup\Google Talk, Labs Edition.lnk = C:\Documents and Settings\Vi\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe (Google)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 03 00 00 00 [binary data]
O7 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1264138020595 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1264138006501 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.178 68.87.78.130
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Vi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/02 19:31:01 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/14 12:13:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "WZCSVC"
MsConfig - Services: "SCardSvr"
MsConfig - Services: "Norton Ghost"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "Fax"
MsConfig - Services: "FastUserSwitchingCompatibility"
MsConfig - Services: "ccSetMgr"
MsConfig - Services: "ccPwdSvc"
MsConfig - Services: "ccEvtMgr"
MsConfig - Services: "Automatic LiveUpdate Scheduler"
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim6 - hkey= - key= - File not found
MsConfig - StartUpReg: BtcMaestro - hkey= - key= - C:\Program Files\HP Wireless Keyboard\KMaestro.exe (BTC)
MsConfig - StartUpReg: ccApp - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
MsConfig - StartUpReg: DISCover - hkey= - key= - C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
MsConfig - StartUpReg: DiscUpdateManager - hkey= - key= - C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
MsConfig - StartUpReg: DMAScheduler - hkey= - key= - c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\EA Games\EADM\Core.exe (Electronic Arts)
MsConfig - StartUpReg: edupcnju - hkey= - key= - C:\Documents and Settings\Vi\Local Settings\Application Data\ibgbhmlsj\yaeoaswtssd.exe File not found
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: HPHUPD08 - hkey= - key= - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
MsConfig - StartUpReg: Norton Ghost 10.0 - hkey= - key= - C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe File not found
MsConfig - StartUpReg: PCDrProfiler - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\Windows\Creator\Remind_XP.exe (SoftThinks)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Ligos Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/31 09:07:57 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vi\Desktop\OTL.exe
[2010/05/29 02:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2010/05/26 21:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vi\Local Settings\Application Data\xxxxxibgbhmlsjxxxxxx
[2010/05/12 19:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Touhou
[2010/05/12 19:37:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/05/11 21:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vi\Application Data\LolClient
[2010/05/08 18:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta
[2010/05/08 18:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vi\My Documents\StarCraft II Beta
[2010/05/08 18:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vi\Local Settings\Application Data\Blizzard Entertainment
[2010/05/08 18:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Starcraft2
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/31 09:05:26 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/05/31 09:04:11 | 000,254,308 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/31 09:00:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/31 08:59:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/31 08:59:41 | 2145,865,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/31 08:53:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vi\Desktop\OTL.exe
[2010/05/30 00:35:29 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Vi\NTUSER.DAT
[2010/05/29 09:11:32 | 060,497,836 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/27 21:24:41 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/26 23:14:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/26 23:14:30 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 23:11:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3846443561-3816410177-4197130686-1009UA.job
[2010/05/26 23:06:11 | 000,002,270 | ---- | M] () -- C:\Documents and Settings\Vi\Desktop\Google Chrome.lnk
[2010/05/26 22:23:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Vi\ntuser.ini
[2010/05/26 22:23:09 | 000,000,608 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/26 22:23:09 | 000,000,279 | -HS- | M] () -- C:\boot.ini
[2010/05/26 22:23:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/26 18:11:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3846443561-3816410177-4197130686-1009Core.job
[2010/05/26 16:43:42 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Yugioh Virtual Desktop 9_1.exe.lnk
[2010/05/23 22:26:00 | 002,655,966 | -H-- | M] () -- C:\Documents and Settings\Vi\Local Settings\Application Data\IconCache.db
[2010/05/21 18:53:16 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Vi\Desktop\Shortcut to th08.exe.lnk
[2010/05/20 18:27:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/16 09:42:51 | 000,423,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/16 09:42:51 | 000,071,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/16 09:42:48 | 000,503,706 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/16 00:41:12 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/15 10:46:15 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Vi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 23:07:51 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/05/08 18:53:17 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/26 23:14:30 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 23:06:11 | 000,002,270 | ---- | C] () -- C:\Documents and Settings\Vi\Desktop\Google Chrome.lnk
[2010/05/26 22:24:48 | 2145,865,728 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/21 18:53:16 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Vi\Desktop\Shortcut to th08.exe.lnk
[2010/05/08 18:49:16 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
[2010/02/26 19:56:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/08 20:36:23 | 000,139,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/20 20:54:03 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/16 20:08:44 | 000,127,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\ArcHlp.sys
[2009/09/16 20:06:39 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini
[2009/09/16 20:04:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2009/09/16 20:04:23 | 000,002,360 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2009/08/09 22:45:21 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\decdll.dll
[2009/08/09 22:41:48 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/08/04 17:17:56 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/02 23:11:46 | 000,000,388 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2009/01/02 23:03:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2007/07/09 11:58:26 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/07/09 11:58:26 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/06/27 13:11:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2006/07/27 19:18:44 | 000,000,942 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/06/19 17:50:26 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/06/19 17:49:24 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3800g.ini
[2006/06/19 17:45:30 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3800m.ini
[2006/06/11 16:15:07 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006/06/08 22:31:54 | 000,000,462 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/02 20:02:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/02 19:42:09 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/02 19:36:59 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/02 19:36:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/02 19:31:15 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/02 19:23:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/02 19:14:34 | 000,001,661 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/02 19:13:54 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/02 18:56:46 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/02 18:54:12 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/02 18:54:12 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/02 18:54:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/02 18:54:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/02 18:53:03 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/02 18:32:28 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/02 18:32:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/02 18:32:13 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 10:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2004/07/26 00:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/25 21:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/30 06:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 06:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/30 06:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
[2005/12/26 17:21:54 | 007,477,561 | ---- | M] (Intel Corporation ) -- C:\setup_all.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7970265A
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEE39B00
< End of report >


EXTRAS.TXT
OTL Extras logfile created on: 5/31/2010 9:10:11 AM - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\Vi\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.11 Gb Total Space | 30.96 Gb Free Space | 13.82% Space Free | Partition Type: NTFS
Drive D: | 8.75 Gb Total Space | 0.55 Gb Free Space | 6.25% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 372.60 Gb Total Space | 210.32 Gb Free Space | 56.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 232.88 Gb Total Space | 130.54 Gb Free Space | 56.05% Space Free | Partition Type: NTFS

Computer Name: VI-M7560Y
Current User Name: Vi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher
"8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher
"8371:TCP" = 8371:TCP:*:Enabled:League of Legends Launcher
"8371:UDP" = 8371:UDP:*:Enabled:League of Legends Launcher
"8372:TCP" = 8372:TCP:*:Enabled:League of Legends Launcher
"8372:UDP" = 8372:UDP:*:Enabled:League of Legends Launcher
"8373:TCP" = 8373:TCP:*:Enabled:League of Legends Launcher
"8373:UDP" = 8373:UDP:*:Enabled:League of Legends Launcher
"8374:TCP" = 8374:TCP:*:Enabled:League of Legends Launcher
"8374:UDP" = 8374:UDP:*:Enabled:League of Legends Launcher
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
"8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"K:\setup\hpznui01.exe" = K:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe" = C:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:*:Enabled:Earth 2160 -- (Reality Pump)
"C:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe" = C:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe:*:Enabled:Earth 2160 -- (Reality Pump)
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Documents and Settings\Vi\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe" = C:\Documents and Settings\Vi\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe:*:Enabled:Google Talk, Labs Edition -- (Google)
"C:\Program Files\CyberLink\PowerDirector\PDR.exe" = C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)
"K:\setup\hpznui01.exe" = K:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0C321D1F-2262-42C2-94C5-5E5765507C72}" = Star Wars Starfighter
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{14CB43A6-27F8-4F6A-A755-782ABD04B0EA}" = Winx Club
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{19FDB8E4-59AD-4330-9667-E8DCAF018DD3}" = Unload
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1C12F7C0-E777-4E43-A595-B9F157163C05}" = Tunguska
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}" = muvee autoProducer 5.0
"{27E395E5-EB04-4BFD-96C3-C9A102E97E1B}" = Intel® Viiv™ Software
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28F9CB51-2F81-40BF-9545-6FD1FCB1AC44}" = Risk II
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer (OpenSBI Edition)
"{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{322F75E0-71A3-4125-8EB3-761834EDC166}" = Eragon
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4D5795B4-76AC-473B-82DA-0AE6CBB4BD8C}" = HP Color LaserJet 3800
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51D386C4-0227-46A9-AC45-61F0A50E7AFF}" = Rome - Total War
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}" = Everio MediaBrowser
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5F5FA055-84C1-459B-B0B6-D48D210AE50A}" = Hoyle Casino 2003
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{876D2C17-263E-43FD-A7E2-34428E82F239}" = Google Talk, Labs Edition
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{88B05038-C890-468B-A563-0015FD53CDC3}" = ArcSoft TotalMedia Extreme
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel® Quick Resume Technology Drivers
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D34E42-4C6F-11D5-A76D-006008D256FF}" = Nancy Drew: The Final Scene
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A372D11-5C46-4A78-B9D9-510968EF4D2D}" = HP Laser Gaming Mouse with VoodooDNA
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A202BDBA-753F-41B9-B649-CFB0B45FC03E}" = Star Wars Galactic Battlegrounds
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2E3A2C8-283C-4871-A499-B2711F48D64B}" = Yugioh Virtual Dueling
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = Empire Earth - The Art of Conquest
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7A9964C-A9A7-4714-B494-50067238876E}" = Fantasy Earth Zero
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BE53BB2F-FD8F-48b9-AC90-207D0D8EE028}" = 8500A909a
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB0ABFB-4668-4172-952D-2CEF5C14F4D2}" = Command & Conquer™ The First Decade Patch 1.02
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DDD9B4E6-EEB7-4030-B141-F0E0C5429851}" = YVD
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E209F988-EF49-4B3D-84A6-3CBB67F058AC}" = Google SketchUp 7
"{E23361B6-6110-4F55-A831-437879733FB2}" = KarosOnline
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"7-Zip" = 7-Zip 4.65
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"AVG8Uninstall" = AVG Free 8.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BtcMaestro" = HP Wireless Keyboard Driver V1.7 (2.0.W-127AU MUL)
"DISCover" = DISCover
"Dream Chronicles - The Chosen Child" = Dream Chronicles - The Chosen Child (remove only)
"EADM" = EA Download Manager
"Earth 2160" = Earth 2160
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81
"Free Video Converter_is1" = Free Video Converter V 2.1
"GameSpy Arcade" = GameSpy Arcade
"Halo" = Microsoft Halo
"HandBrake" = Handbrake 0.9.4
"Hauppauge HDPVR Scheduler" = Hauppauge HDPVR Scheduler
"Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"Hoyle Board Games 4" = Hoyle Board Games 4
"HP Color LaserJet 3800" = HP Color LaserJet 3800
"HP Document Manager" = HP Document Manager 2.0
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.1
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPOCR" = OCR Software by I.R.I.S. 12.0
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{5F5FA055-84C1-459B-B0B6-D48D210AE50A}" = Hoyle Casino 2003
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{B7A9964C-A9A7-4714-B494-50067238876E}" = Fantasy Earth Zero
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"Intel® Quick Resume Technology" = Intel® Quick Resume Technology Drivers
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Basic)
"Lemonade Tycoon 2" = Lemonade Tycoon 2
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"LucasArts' Battle for Naboo" = LucasArts' Battle for Naboo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mysteryville 2" = Mysteryville 2 (remove only)
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Pocket Tanks_is1" = Pocket Tanks v1.3
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"PROSet" = Intel® PRO Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Raganrok Renewal" = Ragnarok Renewal
"Ragnarok Online" = Ragnarok Online
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.1
"StarCraft" = StarCraft
"StarCraft II Beta" = StarCraft II Beta
"Terrapin Logo" = Terrapin Logo (remove only)
"The I of the Dragon" = The I of the Dragon
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Clash N Slash" = Clash N Slash 1.22
"Clash N Slash Worlds Away" = Clash N Slash Worlds Away 1.03
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/29/2010 8:59:00 PM | Computer Name = VI-M7560Y | Source = nview_info | ID = 11141121
Description =

Error - 5/29/2010 8:59:00 PM | Computer Name = VI-M7560Y | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 2:16:29 AM | Computer Name = VI-M7560Y | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 2:16:29 AM | Computer Name = VI-M7560Y | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 2:16:29 AM | Computer Name = VI-M7560Y | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 2:16:29 AM | Computer Name = VI-M7560Y | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 2:16:29 AM | Computer Name = VI-M7560Y | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 2:16:29 AM | Computer Name = VI-M7560Y | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 2:16:29 AM | Computer Name = VI-M7560Y | Source = nview_info | ID = 11141121
Description =

Error - 5/30/2010 2:16:29 AM | Computer Name = VI-M7560Y | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 5/31/2010 12:01:30 PM | Computer Name = VI-M7560Y | Source = Service Control Manager | ID = 7000
Description = The Windows Audio service failed to start due to the following error:
%%1053

Error - 5/31/2010 12:01:30 PM | Computer Name = VI-M7560Y | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Workstation service to
connect.

Error - 5/31/2010 12:01:30 PM | Computer Name = VI-M7560Y | Source = Service Control Manager | ID = 7000
Description = The Workstation service failed to start due to the following error:
%%1053

Error - 5/31/2010 12:01:30 PM | Computer Name = VI-M7560Y | Source = Service Control Manager | ID = 7001
Description = The Alerter service depends on the Workstation service which failed
to start because of the following error: %%1053

Error - 5/31/2010 12:01:30 PM | Computer Name = VI-M7560Y | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1053

Error - 5/31/2010 12:01:30 PM | Computer Name = VI-M7560Y | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Cryptographic Services
service to connect.

Error - 5/31/2010 12:01:30 PM | Computer Name = VI-M7560Y | Source = Service Control Manager | ID = 7000
Description = The Cryptographic Services service failed to start due to the following
error: %%1053

Error - 5/31/2010 12:02:55 PM | Computer Name = VI-M7560Y | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 5/31/2010 12:05:43 PM | Computer Name = VI-M7560Y | Source = System Error | ID = 1003
Description = Error code 0000004e, parameter1 00000007, parameter2 00033abd, parameter3
00000001, parameter4 00000000.

Error - 5/31/2010 12:05:52 PM | Computer Name = VI-M7560Y | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 e52d3000, parameter2 00000000, parameter3
ae75cc3e, parameter4 00000001.


< End of report >



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:51 PM

Posted 31 May 2010 - 12:51 PM

Hi Linus,

Im glad you have been able to get on without using the machine, it makes the process much easier for
me without other changes going on. Im not seeing much wrong in your logs, just some bit's we can clean
up and we will have a look a bit deeper.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O3 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
    MsConfig - StartUpReg: Aim6 - hkey= - key= - File not found
    MsConfig - StartUpReg: edupcnju - hkey= - key= - C:\Documents and Settings\Vi\Local Settings\Application Data\ibgbhmlsj\yaeoaswtssd.exe File not found
    MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe File not found
    MsConfig - StartUpReg: PCDrProfiler - hkey= - key= - File not found
    [2010/05/26 21:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vi\Local Settings\Application Data\xxxxxibgbhmlsjxxxxxx
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7970265A
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEE39B00
    :Reg
    [HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you recieve a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will the be created on your desktop where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • mbr.log

Thanks

unite.jpg


#5 linus12

linus12
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Location:California, Bay Area
  • Local time:01:51 PM

Posted 31 May 2010 - 03:55 PM

Hello Syler,

As requested, the three files:

OTL Results (named 05312010_125221.LOG)

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3846443561-3816410177-4197130686-1009\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-3846443561-3816410177-4197130686-1009\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Aim6\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\edupcnju\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Pando Media Booster\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PCDrProfiler\ deleted successfully.
C:\Documents and Settings\Vi\Local Settings\Application Data\xxxxxibgbhmlsjxxxxxx folder moved successfully.
C:\LHT11E.tmp deleted successfully.
C:\LHT12D.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7970265A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EEE39B00 deleted successfully.
========== REGISTRY ==========
HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 31612 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 31612 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 41620 bytes

User: HP_Administrator
->Temp folder emptied: 37859 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4197058 bytes
->FireFox cache emptied: 6702067 bytes
->Flash cache emptied: 1226 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78715163 bytes

User: Vi
->Temp folder emptied: 4721931336 bytes
->Temporary Internet Files folder emptied: 728393199 bytes
->Java cache emptied: 21554349 bytes
->FireFox cache emptied: 40662839 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 2192032 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5523739 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 31612 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2897834506 bytes

Total Files Cleaned = 8,115.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Administrator

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Vi
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.5.2 log created on 05312010_125221

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



============================================================================

New OTL log

OTL logfile created on: 5/31/2010 1:37:11 PM - Run 2
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\Vi\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.11 Gb Total Space | 38.52 Gb Free Space | 17.19% Space Free | Partition Type: NTFS
Drive D: | 8.75 Gb Total Space | 0.55 Gb Free Space | 6.25% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 372.60 Gb Total Space | 210.32 Gb Free Space | 56.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 232.88 Gb Total Space | 130.54 Gb Free Space | 56.05% Space Free | Partition Type: NTFS

Computer Name: VI-M7560Y
Current User Name: Vi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/31 08:53:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vi\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 17:42:34 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/24 10:54:26 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/24 10:54:01 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/13 19:02:34 | 000,357,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2009/08/13 18:59:22 | 003,161,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2009/08/13 18:38:26 | 000,473,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2009/08/13 18:37:56 | 001,573,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2009/08/13 18:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009/08/13 18:37:34 | 000,523,784 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2009/08/13 18:37:24 | 000,676,360 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/03 15:04:22 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
PRC - [2008/08/01 10:55:40 | 000,323,584 | ---- | M] () -- C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe
PRC - [2008/07/31 16:35:04 | 000,303,104 | ---- | M] () -- C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
PRC - [2008/06/24 03:20:36 | 000,094,704 | ---- | M] (Google) -- C:\Documents and Settings\Vi\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/06/02 19:51:23 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/06/02 19:13:12 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/02/21 09:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/02/21 09:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/02/15 15:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
PRC - [2005/11/08 07:51:54 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
PRC - [2005/09/09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2004/08/09 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/31 08:53:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vi\Desktop\OTL.exe
MOD - [2009/09/27 19:20:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2009/09/24 00:45:14 | 001,624,680 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/09 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/24 10:54:01 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/12 17:19:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/06/02 19:51:23 | 001,119,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/05/15 18:24:33 | 002,086,592 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/05/15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/03/23 16:44:04 | 000,169,632 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/23 16:43:52 | 000,192,160 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/21 09:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/11/08 07:51:54 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)
SRV - [2005/09/09 19:09:28 | 002,066,024 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005/09/09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2004/12/13 15:30:08 | 000,079,472 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2002/12/17 10:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)


========== Driver Services (SafeList) ==========

DRV - [2010/01/24 17:28:17 | 000,139,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/10/02 14:46:00 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)
DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/24 10:54:26 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/24 10:54:26 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/14 16:35:30 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/04/01 05:57:00 | 000,157,184 | R--- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwhdpvr.sys -- (hcwhdpvr)
DRV - [2009/02/19 15:22:52 | 000,127,744 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ArcHlp.sys -- (archlp)
DRV - [2008/05/12 19:06:18 | 000,010,112 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gamingms.sys -- (GamingMsFltr)
DRV - [2007/07/09 11:58:26 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/07/09 11:58:26 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/02/17 03:22:30 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006/06/08 23:22:41 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/06/08 21:57:09 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/04/20 07:35:16 | 000,082,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2006/03/08 06:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/21 09:44:30 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/11/08 07:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 07:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 07:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 07:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 07:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/09/09 19:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005/09/09 19:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005/06/29 10:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/02/04 11:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2004/01/05 11:01:20 | 001,080,832 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpusbwdm.sys -- (hpusbwdm)
DRV - [2003/11/05 00:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.80
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 11:53:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/01/04 21:37:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 11:55:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/27 23:03:36 | 000,000,000 | ---D | M]

[2008/12/15 17:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi\Application Data\Mozilla\Extensions
[2010/05/28 21:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions
[2010/05/28 12:06:13 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/16 19:09:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/28 12:06:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/28 12:06:12 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/01/08 20:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions\battlefieldheroespatcher@ea.com
[2010/04/13 18:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions\personas@christopher.beard
[2010/01/04 20:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/11/21 22:45:40 | 000,002,038 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml

O1 HOSTS File: ([2004/08/09 21:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP VoodooDNA Mouse] C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe ()
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Vi\Start Menu\Programs\Startup\Google Talk, Labs Edition.lnk = C:\Documents and Settings\Vi\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe (Google)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 03 00 00 00 [binary data]
O7 - HKU\S-1-5-21-3846443561-3816410177-4197130686-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1264138020595 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1264138006501 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.178 68.87.78.130
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Vi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/02 19:31:01 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/31 12:52:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/31 09:07:57 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vi\Desktop\OTL.exe
[2010/05/29 02:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2010/05/12 19:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Touhou
[2010/05/12 19:37:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/05/11 21:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vi\Application Data\LolClient
[2010/05/08 18:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta
[2010/05/08 18:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vi\My Documents\StarCraft II Beta
[2010/05/08 18:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vi\Local Settings\Application Data\Blizzard Entertainment
[2010/05/08 18:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Starcraft2

========== Files - Modified Within 30 Days ==========

[2010/05/31 13:35:14 | 000,254,308 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/31 13:31:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/31 13:31:11 | 2145,865,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/31 13:30:12 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Vi\NTUSER.DAT
[2010/05/31 12:23:20 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Vi\Desktop\mbr.exe
[2010/05/31 09:05:26 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/05/31 09:00:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/31 08:53:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vi\Desktop\OTL.exe
[2010/05/29 09:11:32 | 060,497,836 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/27 21:24:41 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/26 23:14:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/26 23:14:30 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 23:11:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3846443561-3816410177-4197130686-1009UA.job
[2010/05/26 23:06:11 | 000,002,270 | ---- | M] () -- C:\Documents and Settings\Vi\Desktop\Google Chrome.lnk
[2010/05/26 22:23:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Vi\ntuser.ini
[2010/05/26 22:23:09 | 000,000,608 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/26 22:23:09 | 000,000,279 | -HS- | M] () -- C:\boot.ini
[2010/05/26 22:23:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/26 18:11:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3846443561-3816410177-4197130686-1009Core.job
[2010/05/26 16:43:42 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Yugioh Virtual Desktop 9_1.exe.lnk
[2010/05/23 22:26:00 | 002,655,966 | -H-- | M] () -- C:\Documents and Settings\Vi\Local Settings\Application Data\IconCache.db
[2010/05/21 18:53:16 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Vi\Desktop\Shortcut to th08.exe.lnk
[2010/05/20 18:27:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/16 09:42:51 | 000,423,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/16 09:42:51 | 000,071,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/16 09:42:48 | 000,503,706 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/16 00:41:12 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/15 10:46:15 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Vi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 23:07:51 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/05/08 18:53:17 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk

========== Files Created - No Company Name ==========

[2010/05/31 12:50:23 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Vi\Desktop\mbr.exe
[2010/05/26 23:14:30 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 23:06:11 | 000,002,270 | ---- | C] () -- C:\Documents and Settings\Vi\Desktop\Google Chrome.lnk
[2010/05/26 22:24:48 | 2145,865,728 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/21 18:53:16 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Vi\Desktop\Shortcut to th08.exe.lnk
[2010/05/08 18:49:16 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
[2010/02/26 19:56:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/08 20:36:23 | 000,139,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/20 20:54:03 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/16 20:08:44 | 000,127,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\ArcHlp.sys
[2009/09/16 20:06:39 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini
[2009/09/16 20:04:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2009/09/16 20:04:23 | 000,002,360 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2009/08/09 22:45:21 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\decdll.dll
[2009/08/09 22:41:48 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/08/04 17:17:56 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/01/02 23:11:46 | 000,000,388 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2009/01/02 23:03:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2007/07/09 11:58:26 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/07/09 11:58:26 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/06/27 13:11:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2006/07/27 19:18:44 | 000,000,942 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/06/19 17:50:26 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/06/19 17:49:24 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3800g.ini
[2006/06/19 17:45:30 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3800m.ini
[2006/06/11 16:15:07 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006/06/08 22:31:54 | 000,000,462 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/02 20:02:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/02 19:42:09 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/02 19:36:59 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/02 19:36:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/02 19:31:15 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/02 19:23:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/02 19:14:34 | 000,001,661 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/02 19:13:54 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/02 18:56:46 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/02 18:54:12 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/02 18:54:12 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/02 18:54:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/02 18:54:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/02 18:53:03 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/02 18:32:28 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/02 18:32:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/02 18:32:13 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 10:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2004/07/26 00:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >
=============================================================================

MBR.log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89D1CD01]<<
kernel: MBR read successfully
user & kernel MBR OK


Looking forward to your next post



#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:51 PM

Posted 31 May 2010 - 04:00 PM

Hi again,
  • Go to Kaspersky and Download TDSSKiller.zip.
  • Extract the contents of TDSSKiller.zip to your Desktop.
  • Double click on TDSSKiller.exe to run it.
  • If it finds something and asks you what to do, follow the instructions to type in "delete".
  • When done, a log file should be created on your C: drive called TDSSKiller.txt(with time+date appended) please post this log in your next reply.

unite.jpg


#7 linus12

linus12
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Location:California, Bay Area
  • Local time:01:51 PM

Posted 31 May 2010 - 04:23 PM

Hi again,

Thanks for the quick response. I know we may not be out of the woods yet, but the reboot after the RootKit killer was much faster, I got the boot up "sounds" back, the network connected, and the "Themes" are back.

Here's the output from the TDSSKiller.2.3.2.0_31.05.2010_14.11.51_log.txt file:

14:11:51:734 3724 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:11:51:734 3724 ================================================================================
14:11:51:734 3724 SystemInfo:

14:11:51:734 3724 OS Version: 5.1.2600 ServicePack: 2.0
14:11:51:734 3724 Product type: Workstation
14:11:51:734 3724 ComputerName: VI-M7560Y
14:11:51:734 3724 UserName: Vi
14:11:51:734 3724 Windows directory: C:\WINDOWS
14:11:51:734 3724 Processor architecture: Intel x86
14:11:51:734 3724 Number of processors: 2
14:11:51:734 3724 Page size: 0x1000
14:11:51:734 3724 Boot type: Normal boot
14:11:51:734 3724 ================================================================================
14:11:51:968 3724 Initialize success
14:11:51:968 3724
14:11:51:968 3724 Scanning Services ...
14:11:52:437 3724 Raw services enum returned 381 services
14:11:52:453 3724
14:11:52:453 3724 Scanning Drivers ...
14:11:53:218 3724 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:11:53:265 3724 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:11:53:328 3724 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
14:11:53:390 3724 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
14:11:53:406 3724 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
14:11:53:500 3724 archlp (d781cb30626ff2f391bc9ec6e20801b9) C:\WINDOWS\system32\drivers\archlp.sys
14:11:53:515 3724 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:11:53:578 3724 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:11:53:609 3724 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:11:53:671 3724 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
14:11:53:687 3724 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:11:53:718 3724 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:11:53:765 3724 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
14:11:53:781 3724 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
14:11:53:781 3724 bb-run (3731ebdbee7185491cb51915d3b11a27) C:\WINDOWS\system32\DRIVERS\bb-run.sys
14:11:53:781 3724 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\bb-run.sys. Real md5: 3731ebdbee7185491cb51915d3b11a27, Fake md5: 7270d070173b20ac9487ea16bb08b45f
14:11:53:781 3724 File "C:\WINDOWS\system32\DRIVERS\bb-run.sys" infected by TDSS rootkit ... 14:11:54:062 3724 Backup copy found, using it..
14:11:54:062 3724 will be cured on next reboot
14:11:54:171 3724 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:11:54:187 3724 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:11:54:218 3724 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:11:54:265 3724 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:11:54:281 3724 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
14:11:54:296 3724 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:11:54:375 3724 CXFALCON (b083323430c780f91fbd064ce19a7a6b) C:\WINDOWS\system32\drivers\cxfalcon.sys
14:11:54:390 3724 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
14:11:54:453 3724 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
14:11:54:500 3724 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
14:11:54:500 3724 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:11:54:562 3724 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
14:11:54:625 3724 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
14:11:54:671 3724 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:11:54:734 3724 ELacpi (1976fedf6d7f87135c9b7f5cb4c8c868) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
14:11:54:796 3724 ELhid (ae65c02444907966378454138b9f99f0) C:\WINDOWS\system32\DRIVERS\ELhid.sys
14:11:54:796 3724 ELkbd (e485c3ba1daddeef3e14fea1e8fda6e1) C:\WINDOWS\system32\DRIVERS\ELkbd.sys
14:11:54:812 3724 ELmon (0d87cb825ed6cb2ebcc147a10a42f1d6) C:\WINDOWS\system32\DRIVERS\ELmon.sys
14:11:54:859 3724 ELmou (a4add3847b67bacab6fc851a2b60fdb3) C:\WINDOWS\system32\DRIVERS\ELmou.sys
14:11:54:875 3724 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
14:11:54:921 3724 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
14:11:54:937 3724 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
14:11:55:000 3724 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:11:55:078 3724 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:11:55:078 3724 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:11:55:093 3724 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:11:55:093 3724 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
14:11:55:140 3724 GamingMsFltr (b9a69cfac89fd6cbf9ee55f0dba80f57) C:\WINDOWS\system32\drivers\gamingms.sys
14:11:55:171 3724 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:11:55:203 3724 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:11:55:250 3724 hcwhdpvr (127d4434658c35effd265ec486c9dc3a) C:\WINDOWS\system32\DRIVERS\hcwhdpvr.sys
14:11:55:390 3724 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:11:55:390 3724 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:11:55:484 3724 hpusbwdm (10c702ade3106fa20dd36497f678c2df) C:\WINDOWS\system32\DRIVERS\hpusbwdm.sys
14:11:55:531 3724 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
14:11:55:562 3724 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:11:55:609 3724 iaStor (88b1943ecff661f765228099138cf6ab) C:\WINDOWS\system32\DRIVERS\iaStor.sys
14:11:55:640 3724 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:11:55:828 3724 IntcAzAudAddService (64be56b8858ca0153c725c720ffd194f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:11:56:000 3724 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:11:56:046 3724 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:11:56:078 3724 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:11:56:078 3724 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:11:56:078 3724 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:11:56:140 3724 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:11:56:156 3724 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:11:56:156 3724 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:11:56:187 3724 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:11:56:218 3724 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:11:56:281 3724 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:11:56:421 3724 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
14:11:56:500 3724 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
14:11:56:500 3724 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
14:11:56:562 3724 LGBusEnum (4d29522a2c0ac9847fb2e628ba067583) C:\WINDOWS\system32\drivers\LGBusEnum.sys
14:11:56:609 3724 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
14:11:56:656 3724 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
14:11:56:687 3724 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
14:11:56:687 3724 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:11:56:687 3724 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
14:11:56:734 3724 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:11:56:781 3724 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:11:56:812 3724 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
14:11:56:859 3724 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
14:11:56:906 3724 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:11:56:968 3724 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:11:57:031 3724 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
14:11:57:093 3724 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:11:57:125 3724 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:11:57:187 3724 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
14:11:57:187 3724 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:11:57:218 3724 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
14:11:57:234 3724 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
14:11:57:265 3724 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:11:57:265 3724 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
14:11:57:281 3724 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:11:57:296 3724 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:11:57:359 3724 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:11:57:390 3724 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:11:57:390 3724 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
14:11:57:484 3724 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:11:57:515 3724 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:11:57:546 3724 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:11:57:562 3724 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
14:11:57:609 3724 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
14:11:57:656 3724 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:11:57:921 3724 nv (4c3696c1ed1a36629ebb348bf745a328) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:11:58:125 3724 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:11:58:140 3724 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:11:58:156 3724 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:11:58:156 3724 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
14:11:58:171 3724 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
14:11:58:171 3724 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:11:58:265 3724 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
14:11:58:328 3724 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:11:58:343 3724 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:11:58:437 3724 PnkBstrK (caa22e99f5fb2ebbc202e1860504cad9) C:\WINDOWS\system32\drivers\PnkBstrK.sys
14:11:58:437 3724 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:11:58:453 3724 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
14:11:58:484 3724 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:11:58:515 3724 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:11:58:562 3724 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:11:58:640 3724 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:11:58:687 3724 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:11:58:703 3724 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:11:58:765 3724 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:11:58:781 3724 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:11:58:796 3724 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:11:58:859 3724 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
14:11:58:875 3724 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:11:58:921 3724 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
14:11:58:953 3724 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:11:59:015 3724 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
14:11:59:031 3724 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:11:59:156 3724 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:11:59:343 3724 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
14:11:59:531 3724 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
14:11:59:781 3724 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
14:12:00:078 3724 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
14:12:00:171 3724 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:12:00:187 3724 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:12:00:234 3724 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
14:12:00:312 3724 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
14:12:00:359 3724 SymSnap (fea2d66aeb341e11fad6ff2d50b8ca40) C:\WINDOWS\system32\drivers\SymSnap.sys
14:12:00:406 3724 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
14:12:00:484 3724 Tcpip (1dbf125862891817f374f407626967f4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:12:00:515 3724 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:12:00:531 3724 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
14:12:00:562 3724 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:12:00:609 3724 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINDOWS\system32\drivers\tiehdusb.sys
14:12:00:656 3724 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
14:12:00:718 3724 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
14:12:00:781 3724 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:12:00:843 3724 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
14:12:00:890 3724 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:12:00:953 3724 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:12:00:968 3724 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:12:01:031 3724 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\WINDOWS\system32\Drivers\usbio.sys
14:12:01:062 3724 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:12:01:109 3724 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:12:01:140 3724 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:12:01:171 3724 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:12:01:234 3724 usb_rndisx (ae4df3b7d1db9373b08db4ed224e26b6) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
14:12:01:281 3724 V2IMount (deea641cc5f87867759856a52cbc0999) C:\WINDOWS\system32\drivers\V2IMount.sys
14:12:01:312 3724 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
14:12:01:375 3724 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:12:01:375 3724 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
14:12:01:390 3724 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:12:01:437 3724 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
14:12:01:515 3724 Wdf01000 (060e8cb99cc0a6751db5810c042b0d45) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:12:01:578 3724 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
14:12:01:640 3724 WmBEnum (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys
14:12:01:703 3724 WmFilter (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys
14:12:01:734 3724 WmVirHid (7a51545a6409a25eedbdbd97d019e8cc) C:\WINDOWS\system32\drivers\WmVirHid.sys
14:12:01:734 3724 WmXlCore (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys
14:12:01:765 3724 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:12:01:859 3724 xusb21 (eb7ae2dc574734bc0bf24be0ada76f2b) C:\WINDOWS\system32\DRIVERS\xusb21.sys
14:12:01:859 3724 Reboot required for cure complete..
14:12:02:250 3724 Cure on reboot scheduled successfully
14:12:02:250 3724
14:12:02:250 3724 Completed
14:12:02:250 3724
14:12:02:250 3724 Results:
14:12:02:250 3724 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:12:02:250 3724 File objects infected / cured / cured on reboot: 1 / 0 / 1
14:12:02:250 3724
14:12:02:250 3724 KLMD(ARK) unloaded successfully

=============================================================================
Let me know what to do next!


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:51 PM

Posted 31 May 2010 - 04:30 PM

Great, it looks like we successfully killed it, let do another check.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg


#9 linus12

linus12
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Location:California, Bay Area
  • Local time:01:51 PM

Posted 31 May 2010 - 05:34 PM

Back again, with mixed news:


It's not pretty trying to stop AVG, but since I was on 8.5 and a new 9.0 is available, I just uninstalled it for now. After uninstalling, I rebooted.

I ran ComboFix and instructed. It ran but then all of the started services and items in the system try started "stopping due to an error" with requests to send them to the bitbucket at Microsoft. I waited for Combofix to end completely and then said "No" to all of them.

I am left with the "Sound" icon and the "Safely remove hardware" icon in the system tray.

But Combofix did finish. (The Recovery Console was already installed on this PC). Attached is the log file.

Just wondering if I should reboot before doing anything in the next step. Let me know.

Thanks for spending so much time on this!!!!


ComboFix 10-05-31.02 - Vi 05/31/2010 15:13:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1537 [GMT -7:00]
Running from: c:\documents and settings\Vi\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://wwj+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|CvOCALS~1\Temp\GUR3.exeGoogle Update
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-31 19:52 . 2010-05-31 19:52 -------- d-----w- C:\_OTL
2010-05-23 01:05 . 2010-05-23 01:05 48388 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-13 02:48 . 2010-05-13 02:48 -------- d-----w- c:\program files\Touhou
2010-05-13 02:37 . 2010-05-13 02:37 -------- d--h--w- c:\windows\PIF
2010-05-12 04:02 . 2010-05-12 04:02 -------- d-----w- c:\documents and settings\Vi\Application Data\LolClient
2010-05-09 01:49 . 2010-05-23 01:04 -------- d-----w- c:\program files\StarCraft II Beta
2010-05-09 01:49 . 2010-05-09 01:53 -------- d-----w- c:\documents and settings\Vi\Local Settings\Application Data\Blizzard Entertainment
2010-05-09 01:04 . 2010-05-09 01:05 -------- d-----w- c:\program files\Starcraft2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 22:08 . 2009-12-22 00:40 -------- d-----w- c:\documents and settings\Vi\Application Data\Skype
2010-05-31 21:13 . 2003-11-05 07:45 17408 ----a-w- c:\windows\system32\drivers\bb-run.sys
2010-05-31 16:06 . 2010-01-14 05:12 -------- d-----w- c:\documents and settings\Vi\Application Data\skypePM
2010-05-28 06:03 . 2010-03-08 01:08 -------- d-----w- c:\program files\Pando Networks
2010-05-27 06:16 . 2009-02-27 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-25 03:13 . 2010-03-04 05:11 439816 ----a-w- c:\documents and settings\Vi\Application Data\Real\Update\setup3.10\setup.exe
2010-05-23 01:05 . 2010-02-10 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-21 22:36 . 2009-11-28 07:21 -------- d-----w- c:\program files\LuminaRO
2010-05-21 06:29 . 2010-04-08 03:46 -------- d-----w- c:\program files\YVD
2010-05-14 06:07 . 2006-06-11 22:09 10 ----a-w- c:\windows\popcinfo.dat
2010-05-09 01:53 . 2007-02-03 02:04 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-29 22:39 . 2009-02-27 18:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-02-27 18:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 03:06 . 2010-04-29 03:05 -------- d-----w- c:\program files\iTunes
2010-04-29 03:05 . 2010-04-29 03:05 -------- d-----w- c:\program files\iPod
2010-04-29 03:05 . 2008-06-10 00:49 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 02:58 . 2010-04-29 02:58 -------- d-----w- c:\program files\Bonjour
2010-04-29 02:56 . 2010-04-29 02:56 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-28 03:45 . 2007-02-09 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-04-28 03:45 . 2006-06-20 01:03 -------- d-----w- c:\program files\Yahoo!
2010-04-28 03:44 . 2010-04-28 03:44 862872 ------w- c:\documents and settings\Vi\Application Data\Yahoo!\SearchProtection\fudogs_2.0.1.13_msgr_bts_setup.2010.04.01.01.exe
2010-04-28 01:48 . 2010-04-28 01:48 -------- d-----w- c:\program files\Common Files\Skype
2010-04-17 00:10 . 2010-04-16 22:59 -------- d-----w- c:\program files\StarCraft
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-07 06:43 . 2009-09-19 22:30 71140 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-07 05:14 . 2006-06-03 02:12 97728 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-06-10 05:40 . 2006-06-10 05:40 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Vi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-10 133104]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-24 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]
"HP VoodooDNA Mouse"="c:\program files\HP Laser Gaming Mouse with VoodooDNA\hid.exe" [2008-08-01 323584]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 357384]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-14 1573384]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 3161608]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-03 180269]

c:\documents and settings\Vi\Start Menu\Programs\Startup\
Google Talk, Labs Edition.lnk - c:\documents and settings\Vi\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe [2008-6-24 94704]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MBCameraMonitor.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2009-6-14 541976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-09 08:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtcMaestro]
2005-02-21 05:53 245760 ------w- c:\program files\HP Wireless Keyboard\Kmaestro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-03-23 23:43 53408 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2006-03-16 02:12 1077248 ----a-w- c:\program files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
2006-03-16 02:11 61440 ----a-w- c:\program files\DISC\DISCUpdMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2006-03-20 09:05 90112 ----a-w- c:\program files\HP DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-01-09 20:11 3321856 ----a-w- c:\program files\EA Games\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 21:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 21:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 18:18 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 23:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
2005-09-10 02:09 1537648 ----a-w- c:\program files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 02:23 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-12 11:10 49263 ----a-w- c:\program files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-06-03 02:13 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"SCardSvr"=3 (0x3)
"Norton Ghost"=3 (0x3)
"LiveUpdate"=3 (0x3)
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Reality Pump\\Earth 2160\\Earth2160_NO_SSE.exe"=
"c:\\Program Files\\Reality Pump\\Earth 2160\\Earth2160_SSE.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Vi\\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher

R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [9/16/2009 8:08 PM 127744]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/21/2008 10:45 PM 24652]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [6/2/2006 6:54 PM 82048]
R3 GamingMsFltr;HP Laser Mouse with VoodooDNA;c:\windows\system32\drivers\gamingms.sys [12/14/2009 8:24 PM 10112]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [7/14/2009 4:35 PM 19720]
S3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\drivers\hcwhdpvr.sys [9/16/2009 8:02 PM 157184]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;c:\windows\system32\drivers\hpusbwdm.sys [1/5/2004 11:01 AM 1080832]
S3 XDva309;XDva309;\??\c:\windows\system32\XDva309.sys --> c:\windows\system32\XDva309.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 20:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3846443561-3816410177-4197130686-1009Core.job
- c:\documents and settings\Vi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-10 23:36]

2010-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3846443561-3816410177-4197130686-1009UA.job
- c:\documents and settings\Vi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-10 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\documents and settings\Vi\Application Data\Mozilla\Firefox\Profiles\5jed6s9i.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Vi\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\Vi\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-klmdb.sys



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3846443561-3816410177-4197130686-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3846443561-3816410177-4197130686-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c7,0c,84,de,1b,49,92,a6,49,34,49,a0,13,58,bc,17,70,9a,cb,47,89,ed,53,
83,0e,b2,4a,76,f4,15,86,81,94,42,a9,6a,af,94,c0,af,6e,03,9f,23,35,64,e4,0a,\
"??"=hex:47,91,f5,ed,c9,5a,ea,63,af,11,c9,f8,95,b3,2d,30

[HKEY_USERS\S-1-5-21-3846443561-3816410177-4197130686-1009\Software\SecuROM\License information*]
"datasecu"=hex:94,31,08,e9,88,c9,8a,29,d0,77,cc,0b,f9,c7,9f,ca,6b,c9,02,dc,20,
24,a7,3c,b1,dd,46,ef,03,ea,ed,46,47,73,4d,81,d7,c5,b9,bc,aa,97,97,6c,68,56,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
Completion time: 2010-05-31 15:23:54
ComboFix-quarantined-files.txt 2010-05-31 22:23

Pre-Run: 41,907,138,560 bytes free
Post-Run: 41,868,603,392 bytes free

- - End Of File - - F72E67BCBB06B545DBF5C4F08BF28B47


#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:51 PM

Posted 01 June 2010 - 06:47 AM

Im not sure why you got all them errors, combofix doesn't appear to have had any problems, if you haven't
already done so then please reboot before these next steps, and let me know if you have the icons back.


You don't have the latest version of Java, you should run JavaRa to clean up any older Java, then
download and install the latest version from here.

Please download JavaRa and unzip it to your desktop.
Then Print these instructions as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.



You have Viewpoint installed, Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then please post back here with the following logs:
  • ESET report
  • New DDS log

Thanks

unite.jpg


#11 linus12

linus12
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Location:California, Bay Area
  • Local time:01:51 PM

Posted 01 June 2010 - 12:33 PM

Hi Syler,

Last night I rebooted and Installed AVG 9, I know I shouldn't install new software, but with the machine connected to the network, I just don't feel right about having nothing on there.

I ran JavaRa, and rebooted as requested. I then installed the latest Java from the link you provided.

I deleted the Viewpoint Media Player (the others were not present).

I then ran the ESTOnlineScanner.

The Scanner has been running for over 2 hours now, still sitting at 99%, no errors found, and the file it lists is a 6k ".rtf" file.... The CPU activity is low, about 3% total with System Idle at a constant 95%. There is some disk activity, but not really much.

Should I just press "Stop" on the scanner? or should I let it run a bit more? crazy.gif

Update: Ok, it has now been over 3 hours and it actually increased the number of files from just over 40K to 80k... of course the % complete still says 99%! I'll report back when it has finished.

Edited by linus12, 01 June 2010 - 01:27 PM.


#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:51 PM

Posted 01 June 2010 - 02:48 PM

Hi Linus,

You can just stop the scan if it hasn't already finished then just post a new DDS log, thanks.

unite.jpg


#13 linus12

linus12
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Location:California, Bay Area
  • Local time:01:51 PM

Posted 01 June 2010 - 06:53 PM

Hi Syler,

Wish I had seen your post earlier, sigh. (Guess I should check my e-mail more often!) Anyway, the scan finally finished, but gave me no option to print/export the results. But here are the particulars:

Scanned Files: 247621
Infected Files: 0
Cleared Files: 0
Total Scan Time: 07:21:55
Scan Status: Finished

I then ran the DDS script and the DDS Log file is below:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Vi at 16:29:25.48 on Tue 06/01/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1362 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Vi\Desktop\VirusFight 2010-05-31\10\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Google Update] "c:\documents and settings\vi\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP VoodooDNA Mouse] "c:\program files\hp laser gaming mouse with voodoodna\hid.exe"
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\vi\startm~1\programs\startup\google~1.lnk - c:\documents and settings\vi\local settings\application data\google\google talk, labs edition\GoogleTalkLabsEdition.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mbcame~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264138020595
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264138006501
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vi\applic~1\mozilla\firefox\profiles\5jed6s9i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\vi\application data\mozilla\firefox\profiles\5jed6s9i.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\vi\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\vi\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2009-9-16 127744]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-31 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-31 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-31 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-31 308064]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-6-2 1119888]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2006-6-2 82048]
R3 GamingMsFltr;HP Laser Mouse with VoodooDNA;c:\windows\system32\drivers\gamingms.sys [2009-12-14 10112]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-7-14 19720]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-31 430152]
S3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\drivers\hcwhdpvr.sys [2009-9-16 157184]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;c:\windows\system32\drivers\hpusbwdm.sys [2004-1-5 1080832]
S3 XDva309;XDva309;\??\c:\windows\system32\xdva309.sys --> c:\windows\system32\XDva309.sys [?]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-16 192160]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-16 169632]

=============== Created Last 30 ================

2010-06-01 16:35:10 0 d-----w- c:\program files\World of Warcraft
2010-06-01 15:17:39 0 d-----w- c:\program files\ESET
2010-06-01 15:08:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-01 15:08:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-01 02:35:04 0 d--h--w- C:\$AVG
2010-06-01 02:34:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-01 02:34:49 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-01 02:34:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-01 02:34:34 0 d-----w- c:\windows\system32\drivers\Avg
2010-06-01 02:34:29 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-06-01 02:31:01 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-05-31 22:09:47 77312 ----a-w- c:\windows\MBR.exe
2010-05-31 22:09:47 256512 ----a-w- c:\windows\PEV.exe
2010-05-31 22:09:46 98816 ----a-w- c:\windows\sed.exe
2010-05-31 22:09:46 161792 ----a-w- c:\windows\SWREG.exe
2010-05-31 22:09:41 0 d-----w- C:\ComboFix
2010-05-31 19:52:21 0 d-----w- C:\_OTL
2010-05-13 02:48:14 0 d-----w- c:\program files\Touhou
2010-05-13 02:37:41 0 d--h--w- c:\windows\PIF
2010-05-12 04:02:12 0 d-----w- c:\docume~1\vi\applic~1\LolClient
2010-05-09 01:49:16 0 d-----w- c:\program files\StarCraft II Beta
2010-05-09 01:04:12 0 d-----w- c:\program files\Starcraft2

==================== Find3M ====================

2010-05-31 21:13:27 17408 ----a-w- c:\windows\system32\drivers\bb-run.sys
2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 20:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-07 06:43:39 71140 ---ha-w- c:\windows\system32\mlfcache.dat
2006-06-10 05:40:28 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 16:30:31.34 ===============


#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:51 PM

Posted 02 June 2010 - 02:17 AM

Hello Linus,

I am glad to say that your logs are looking fine to me now, im sure that will make your
son happy now that he can get back on his computer again. Here are some final cleanup
steps and prevention tips.


Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.



Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Congratulations! You now appear clean! thumbup.gif


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Update Windows
You don't have the latest service pack for windows, The service packs patch security vulnerabilities found
in windows. You should keep these upto date to keep you protected against malware, that can take
advantage of these security vulnerabilities to attack your system.The latest service pack is SP3,
Click on Start >> All programs >> Windows update then select Express
and allow it to install all updates including SP3.
Note: If it prompts you to install an ActiveX control allow it to install it.

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerability that can allow malware
to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed
applications that are regularly patched to fix vulnerabilities. You can check these by visiting
Calendar of Updates or you can install Secunia PSI.

Install a Firewall
I can not stress how important it is that you use a third party Firewall on your computer. Without a firewall
your computer is susceptible to being hacked and taken over. Windows firewall is good for blocking inbound
connections but it does not block outbound connections. So if Malware manages to get onto your computer it
will be able to send data out when it wants. Here are some free firewalls, you only need to install one of these.

Zone Alarm
Outpost
PC Tools

After you install the third party firewall disable your Windows firewall. Go to My Computer >> Control Panel >> Windows Firewall
and choose Off (not recommended) option. Then click Apply and Ok.

Install Sanboxie
Sandboxie is a great program to help protect you against malware, working inside Sandboxie will basically
mean that, what you are doing will not make a permenant changes to your system, unless you allow it too.
So you can be surfing the web inside Sandboxie then if you happen to stumble upon a bad site and get
infected, you can simply delete the Sanbox and all is gone. Having said that, it can not be considered 100%
secure as no program can be, but it can be a great help and is an excellent program. You can find a download
link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer that Internet Explorer, I would recommend that you install
Firefox and install some addons that will make the browser even safer. You can download the latest version
of Firefox here, if you already have firefox these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing smile.gif
Syler

Edited by syler, 02 June 2010 - 02:39 AM.

unite.jpg


#15 linus12

linus12
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Location:California, Bay Area
  • Local time:01:51 PM

Posted 02 June 2010 - 12:33 PM

Syler, thumbup.gif

Thanks so much for your help. clapping.gif The PC has been backed up, so worse case we will have someplace to restore to in the future (A disc image backup!). Also it will be backed up on a regular basis, with the files stored offline (hopefully). Thanks for all that you have done, thumbup2.gif I can tell you've worked a few evenings on not only this problem but the others as well.

We are most grateful.

Linus

P.S. Feel free to close this one, no sense leaving it open and messing around with the statistics!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users