
Google search redirect - Firefox ONLY


27 replies to this topic

#1 thetiby

thetiby


Posted 22 July 2010 - 09:17 AM

Hi there,

I've been trying to get rid of this for days now. I have installed, updated and run MBAM and SUPERAntiSpyware about 3 times each, using both quick and full scans. Found some browser viruses - exactly what I thought was my problem.
It looked good yesterday, but today I got the same redirect behavior again. These seem random, on any query, taking me to a blank page - without a page title, supposedly waiting for some website to load. (the most common one I've seen in the status bar is p.brling.com) - if not the blank tab, then it takes me to a very 'crafty' fake antivirals scan page that jumps right to forcing a download in a few seconds - forgot its name, this doesn't happen that often. (of course, I exit ASAP when it happens)

So I ran MBAM and SUPERAntiSpyware a couple of times again, found some bad stuff again, deleted it. At first glance I thought I got rid of it. Now it only happens sporadically, on some queries (not specifically virus related), but it still happens. I'm out of ideas. Can somebody with experience give me some advice? I looked around a bit and saw a lot of HijackThis logs, so I got myself a copy, updated it and here's the log. From what I learned clicking on the info button and searching on http://www.systemlookup.com/ I think this log seems clean, but I'm no expert.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:13:06, on 22.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\spoolsv.exe
K:\WINDOWS\system32\rundll32.exe
K:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
K:\Program Files\Java\jre6\bin\jqs.exe
K:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
K:\WINDOWS\System32\nvsvc32.exe
K:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
K:\WINDOWS\Explorer.EXE
K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
K:\WINDOWS\system32\ctfmon.exe
K:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
K:\WINDOWS\system32\svchost.exe
K:\Program Files\Mozilla Firefox\firefox.exe
K:\Program Files\Mozilla Firefox\plugin-container.exe
K:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
L:\kituri\spyware cleaners\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Microformats Toolbar - {9E5B6E18-2F25-463C-87BF-4F6F6D706821} - K:\Program Files\Microsoft\Oomph\Microformats.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - K:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - K:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - K:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE K:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] K:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RocketDock] "K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKLM\..\Policies\Explorer\Run: [2D890] K:\Program Files\2D890\ -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] K:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] K:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] K:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] K:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Desktop Lighter.lnk = ?
O8 - Extra context menu item: Download all by FlashGet3 - K:\Documents and Settings\Familia\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - K:\Documents and Settings\Familia\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://K:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - K:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - K:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - K:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - K:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - K:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - K:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - K:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: K:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll,K:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
O20 - Winlogon Notify: !SASWinLogon - K:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - K:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - K:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - K:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Update Service (gupdate1c96b4a7f31eca0) (gupdate1c96b4a7f31eca0) - Google Inc. - K:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - K:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - K:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - K:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - K:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - K:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - K:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - K:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - K:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7353 bytes







 


#2 Blade

Blade


Posted 22 July 2010 - 09:52 AM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the below in bold

    netsvc
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
  • Push the button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.

***************************************************

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.log" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and copy/paste its contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try unchecking the Devices box in addition to the others previously requested. Also, try running GMER in Safe Mode.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt
Gmer.log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 thetiby

thetiby

Posted 22 July 2010 - 09:59 AM

Hello Zephon,

Ok, following your instructions I STOPPED right after I encountered a problem while carrying them out. Here's where:

QUOTE
Please download OTL from one of the following mirrors:


Reason: both mirrors are dead. (forbidden and not found).

Thanks,

Tiby

#4 Blade

Blade


Posted 22 July 2010 - 10:07 AM

Whoops... sorry, that's my fault. Here's another mirror.

Location 3

~Blade



#5 thetiby

thetiby

Posted 22 July 2010 - 12:15 PM

Ok, here are the results.

OTL

OTL logfile created on: 22.07.2010 18:11:11 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = K:\Documents and Settings\Familia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = K: | %SystemRoot% = K:\WINDOWS | %ProgramFiles% = K:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 14,65 Gb Total Space | 0,50 Gb Free Space | 3,43% Space Free | Partition Type: NTFS
Drive L: | 24,41 Gb Total Space | 2,08 Gb Free Space | 8,53% Space Free | Partition Type: NTFS
Drive M: | 31,30 Gb Total Space | 14,69 Gb Free Space | 46,95% Space Free | Partition Type: NTFS

Computer Name: TIBY
Current User Name: Familia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.07.22 18:08:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- K:\Documents and Settings\Familia\Desktop\OTL.exe
PRC - [2010.06.24 13:33:11 | 000,208,616 | ---- | M] (Kaspersky Lab) -- K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2010.06.18 21:31:13 | 000,315,392 | ---- | M] ( ) -- L:\kituri\piano\THE BEST\PianoRollComposer.exe
PRC - [2010.06.16 18:03:04 | 000,134,808 | ---- | M] (Google Inc.) -- K:\Documents and Settings\Familia\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- K:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.04.16 17:43:39 | 000,237,568 | ---- | M] (Radical Software Ltd.) -- K:\Program Files\Wyzo\wyzo.exe
PRC - [2009.11.13 10:49:20 | 001,021,256 | ---- | M] (TuneUp Software) -- K:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2008.04.14 03:12:19 | 000,975,872 | ---- | M] (Microsoft Corporation) -- K:\WINDOWS\explorer.exe
PRC - [2007.03.19 01:05:02 | 000,630,784 | ---- | M] () -- K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
PRC - [2007.01.08 16:08:10 | 000,094,208 | ---- | M] () -- K:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe


========== Modules (SafeList) ==========

MOD - [2010.07.22 18:08:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- K:\Documents and Settings\Familia\Desktop\OTL.exe
MOD - [2008.04.14 03:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- K:\WINDOWS\system32\msscript.ocx
MOD - [2007.03.19 01:04:22 | 000,069,632 | ---- | M] () -- K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.06.24 13:33:11 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- K:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- K:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.30 13:09:15 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- K:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.11.13 10:49:20 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- K:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.11.13 10:45:50 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- K:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.01.08 16:08:10 | 000,094,208 | ---- | M] () [Auto | Running] -- K:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2004.08.13 20:05:56 | 002,532,576 | ---- | M] (Sygate Technologies, Inc.) [On_Demand | Stopped] -- K:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- K:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- K:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- M:\games\l2\MarinesGracia\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | On_Demand | Stopped] -- K:\WINDOWS\System32\DRIVERS\fetnd5.sys -- (FETNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- K:\DOCUME~1\Familia\LOCALS~1\Temp\AMDPCI.sys -- (AMDPCI)
DRV - [2010.06.24 13:33:10 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- K:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2010.06.24 13:33:09 | 000,213,520 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- K:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010.05.10 21:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- K:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 21:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- K:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- K:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.06.30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- K:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008.10.24 17:31:42 | 000,009,216 | ---- | M] (SNEG) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\drivers\FStarForce.sys -- (FStarForce)
DRV - [2008.09.15 08:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.09.15 08:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.07.21 18:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- K:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008.04.30 18:06:48 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008.04.13 21:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008.04.13 19:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.02.27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- K:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008.01.21 21:37:02 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- K:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2007.09.28 13:51:52 | 000,205,184 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2007.08.07 03:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- K:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007.03.29 12:36:00 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- K:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2007.03.26 16:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- K:\WINDOWS\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 16:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- K:\WINDOWS\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2006.08.16 09:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2006.08.11 16:42:42 | 003,958,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- K:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.08.10 18:05:44 | 000,014,240 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- K:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004.08.10 18:05:42 | 000,014,240 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- K:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004.08.10 18:05:42 | 000,014,240 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- K:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004.08.10 18:05:42 | 000,014,240 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- K:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004.08.10 17:53:14 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- K:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004.08.10 17:51:30 | 000,059,984 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- K:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001.08.23 17:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- K:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2001.08.17 13:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- K:\WINDOWS\system32\drivers\loop.sys -- (msloop)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-796845957-630328440-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-796845957-630328440-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-796845957-630328440-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-796845957-630328440-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-796845957-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {D9CFDC5F-081E-420c-A108-A628AC2E556B}:2.0
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.0.3
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:0.2.1
FF - prefs.js..extensions.enabledItems: ubiquity@labs.mozilla.com:0.5.4
FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.13
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.5.2010070301
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: dummylipsum@sogame.cat:3.0.0
FF - prefs.js..extensions.enabledItems: aboutme@test.mozilla.com:0.4.1
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: K:\Program Files\Mozilla Firefox\components [2010.07.21 21:23:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: K:\Program Files\Mozilla Firefox\plugins [2010.07.21 21:23:07 | 000,000,000 | ---D | M]

[2010.07.21 21:15:12 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Mozilla\Extensions
[2010.07.21 19:12:54 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\32r4mcnw.default\extensions
[2010.07.22 12:46:34 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions
[2010.07.21 21:24:49 | 000,000,000 | ---D | M] (Rikaichan) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010.07.21 21:24:52 | 000,000,000 | ---D | M] (Organize Status Bar) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2010.07.21 21:24:48 | 000,000,000 | ---D | M] (Html Validator) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.07.21 21:24:42 | 000,000,000 | ---D | M] (Favicon Picker 3) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2010.07.21 21:24:55 | 000,000,000 | ---D | M] (Gmail Notifier) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010.07.21 21:24:44 | 000,000,000 | ---D | M] (Stylish) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.07.21 21:24:52 | 000,000,000 | ---D | M] (FEBE) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010.07.21 21:24:58 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
[2010.07.21 21:24:42 | 000,000,000 | ---D | M] (ColorZilla) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.07.21 21:25:01 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010.07.21 21:24:49 | 000,000,000 | ---D | M] (MeasureIt) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2010.07.21 21:24:43 | 000,000,000 | ---D | M] (No name found) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010.07.21 21:24:52 | 000,000,000 | ---D | M] (Adblock Plus) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.21 21:25:01 | 000,000,000 | ---D | M] (Pixlr Grabber) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2010.07.21 21:25:02 | 000,000,000 | ---D | M] (GridFox) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{D9CFDC5F-081E-420c-A108-A628AC2E556B}
[2010.07.21 21:24:51 | 000,000,000 | ---D | M] (Greasemonkey) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.07.21 21:24:42 | 000,000,000 | ---D | M] (Menu Editor) -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010.07.21 21:24:42 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\aboutme@test.mozilla.com
[2010.07.21 21:24:43 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\dummylipsum@sogame.cat
[2010.07.21 21:24:55 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\firebug@software.joehewitt.com
[2010.07.21 21:24:49 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\lazarus@interclue.com
[2010.07.21 21:24:49 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\multipletab@piro.sakura.ne.jp
[2010.07.21 21:25:01 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\silvermelxt@pardal.de
[2010.07.21 21:24:52 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\tineye@ideeinc.com
[2010.07.21 21:25:01 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\ubiquity@labs.mozilla.com
[2010.07.21 21:15:00 | 000,000,000 | ---D | M] -- K:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010.07.21 18:35:11 | 000,000,762 | ---- | M]) - K:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Microformats.Toolbar.1) - {9E5B6E18-2F25-463C-87BF-4F6F6D706821} - K:\Program Files\Microsoft\Oomph\Microformats.dll (Microsoft)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - K:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-796845957-630328440-725345543-1003\..\Toolbar\WebBrowser: (no name) - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-630328440-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-630328440-725345543-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-630328440-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVP] K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [NvCplDaemon] K:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-796845957-630328440-725345543-1003..\Run: [RocketDock] K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-796845957-630328440-725345543-1003..\Run: [SUPERAntiSpyware] K:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: K:\Documents and Settings\Familia\Start Menu\Programs\Startup\Desktop Lighter.lnk = K:\Program Files\Desktop Lighter\DLighter.exe (DiMXSoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 2D890 = K:\Program Files\2D890\ -h
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-630328440-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-630328440-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-796845957-630328440-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Download all by FlashGet3 - K:\Documents and Settings\Familia\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - K:\Documents and Settings\Familia\Application Data\FlashGetBHO\GetUrl.htm ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - K:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - K:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - K:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - K:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll ()
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - K:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: Microsoft XML Parser for Java file://K:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - K:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - K:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (K:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll) - K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (K:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll) - K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - K:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (K:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - K:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - K:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - K:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - K:\WINDOWS\system32\klogon.dll - K:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: K:\Documents and Settings\Familia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: K:\Documents and Settings\Familia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - K:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{24a47e92-db48-11dd-8b68-001a4d7f3254}\Shell\AUtoPlay\cOmmAnd - "" = rxkqve.exe
O33 - MountPoints2\{24a47e92-db48-11dd-8b68-001a4d7f3254}\Shell\AutoRun\command - "" = rxkqve.exe
O33 - MountPoints2\{24a47e92-db48-11dd-8b68-001a4d7f3254}\Shell\eXpLoRe\COmmand - "" = rxkqve.exe
O33 - MountPoints2\{24a47e92-db48-11dd-8b68-001a4d7f3254}\Shell\OpeN\CommAND - "" = rxkqve.exe
O33 - MountPoints2\{58bb73a6-14eb-11dd-8994-001a4d7f3254}\Shell\AutoRun\command - "" = I:\SnibJw.EXE -- File not found
O33 - MountPoints2\{58bb73a6-14eb-11dd-8994-001a4d7f3254}\Shell\OpeN\CoMmAnD - "" = I:\SNIBJW.exE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2010.07.22 18:08:16 | 000,574,976 | ---- | C] (OldTimer Tools) -- K:\Documents and Settings\Familia\Desktop\OTL.exe
[2010.07.22 14:42:54 | 000,000,000 | ---D | C] -- K:\WINDOWS\System32\XPSViewer
[2010.07.22 14:42:46 | 000,000,000 | ---D | C] -- K:\Program Files\MSBuild
[2010.07.22 14:42:34 | 000,000,000 | ---D | C] -- K:\Program Files\Reference Assemblies
[2010.07.22 11:45:21 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- K:\WINDOWS\System32\drivers\pavboot.sys
[2010.07.22 11:44:24 | 000,000,000 | ---D | C] -- K:\Program Files\Panda Security
[2010.07.21 21:14:58 | 000,000,000 | ---D | C] -- K:\Program Files\Mozilla Firefox
[2010.07.21 20:34:54 | 000,000,000 | ---D | C] -- K:\Documents and Settings\Familia\Application Data\SUPERAntiSpyware.com
[2010.07.21 20:34:54 | 000,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.07.21 20:34:44 | 000,000,000 | ---D | C] -- K:\Program Files\SUPERAntiSpyware
[2010.07.21 19:32:00 | 000,000,000 | -HSD | C] -- K:\Documents and Settings\Familia\Recent
[2010.07.21 19:10:29 | 000,000,000 | ---D | C] -- K:\Documents and Settings\Familia\Application Data\Malwarebytes
[2010.07.21 19:10:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- K:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.21 19:10:19 | 000,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.07.21 19:10:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- K:\WINDOWS\System32\drivers\mbam.sys
[2010.07.21 19:10:18 | 000,000,000 | ---D | C] -- K:\Program Files\Malwarebytes' Anti-Malware
[2010.07.15 13:14:30 | 000,000,000 | ---D | C] -- K:\Program Files\MultipleIEs
[2010.07.14 21:18:01 | 000,744,448 | ---- | C] (Microsoft Corporation) -- K:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.13 19:09:06 | 000,000,000 | ---D | C] -- K:\Documents and Settings\Familia\My Documents\Adobe Scripts
[2010.07.07 21:57:03 | 000,000,000 | ---D | C] -- K:\Documents and Settings\Familia\Local Settings\Application Data\PunkBuster
[2010.07.07 21:32:30 | 000,000,000 | ---D | C] -- K:\Documents and Settings\Familia\Application Data\id Software
[2010.07.07 21:32:17 | 000,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Application Data\id Software
[2010.06.29 19:25:17 | 000,000,000 | ---D | C] -- K:\Program Files\IndieVolume
[2010.06.24 16:35:12 | 000,000,000 | ---D | C] -- K:\Documents and Settings\All Users\Documents\Adobe
[2010.06.24 13:02:00 | 000,000,000 | ---D | C] -- K:\Documents and Settings\Familia\Local Settings\Application Data\XMen
[2010.06.24 12:57:54 | 000,000,000 | ---D | C] -- K:\Program Files\Kaspersky Lab
[2010.06.24 12:57:17 | 000,213,520 | ---- | C] (Kaspersky Lab) -- K:\WINDOWS\System32\drivers\klif.sys
[2010.06.24 12:13:38 | 000,000,000 | ---D | C] -- K:\Documents and Settings\LocalService\Local Settings\Application Data\Radical Software Ltd
[2010.06.24 12:11:18 | 000,000,000 | ---D | C] -- K:\Documents and Settings\LocalService\Application Data\McAfee
[5 K:\WINDOWS\*.tmp files -> K:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.22 18:11:52 | 000,293,376 | ---- | M] () -- K:\Documents and Settings\Familia\Desktop\9ie1k6nf.exe
[2010.07.22 18:11:00 | 000,001,090 | ---- | M] () -- K:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.22 18:10:08 | 000,925,728 | -HS- | M] () -- K:\WINDOWS\System32\drivers\fidbox2.dat
[2010.07.22 18:10:08 | 000,006,340 | -HS- | M] () -- K:\WINDOWS\System32\drivers\fidbox2.idx
[2010.07.22 18:08:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- K:\Documents and Settings\Familia\Desktop\OTL.exe
[2010.07.22 18:08:00 | 000,001,190 | ---- | M] () -- K:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-630328440-725345543-1003UA.job
[2010.07.22 18:08:00 | 000,001,138 | ---- | M] () -- K:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-630328440-725345543-1003Core.job
[2010.07.22 17:28:42 | 006,315,040 | -HS- | M] () -- K:\WINDOWS\System32\drivers\fidbox.dat
[2010.07.22 17:28:40 | 000,052,512 | -HS- | M] () -- K:\WINDOWS\System32\drivers\fidbox.idx
[2010.07.22 16:34:17 | 000,492,692 | ---- | M] () -- K:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.22 16:34:17 | 000,435,680 | ---- | M] () -- K:\WINDOWS\System32\perfh009.dat
[2010.07.22 16:34:17 | 000,068,576 | ---- | M] () -- K:\WINDOWS\System32\perfc009.dat
[2010.07.22 15:51:28 | 000,000,490 | ---- | M] () -- K:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.07.22 15:51:05 | 000,126,464 | ---- | M] () -- K:\Documents and Settings\Familia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.07.22 15:51:05 | 000,000,380 | ---- | M] () -- K:\WINDOWS\tasks\AWC AutoSweep.job
[2010.07.22 15:50:51 | 000,081,191 | ---- | M] () -- K:\WINDOWS\System32\nvapps.xml
[2010.07.22 15:50:41 | 000,001,086 | ---- | M] () -- K:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.22 15:50:19 | 003,867,312 | ---- | M] () -- K:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.22 15:49:00 | 000,000,310 | -HS- | M] () -- K:\WINDOWS\tasks\Hqye.job
[2010.07.22 15:49:00 | 000,000,006 | -H-- | M] () -- K:\WINDOWS\tasks\SA.DAT
[2010.07.22 15:48:56 | 000,002,048 | --S- | M] () -- K:\WINDOWS\bootstat.dat
[2010.07.22 15:47:50 | 015,204,352 | -H-- | M] () -- K:\Documents and Settings\Familia\NTUSER.DAT
[2010.07.22 15:47:38 | 000,000,278 | -HS- | M] () -- K:\Documents and Settings\Familia\ntuser.ini
[2010.07.22 15:46:38 | 014,450,132 | -H-- | M] () -- K:\Documents and Settings\Familia\Local Settings\Application Data\IconCache.db
[2010.07.22 15:15:23 | 000,000,392 | ---- | M] () -- K:\WINDOWS\tasks\AWC Update.job
[2010.07.21 15:11:17 | 000,001,456 | ---- | M] () -- K:\Documents and Settings\Familia\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010.07.19 20:51:12 | 000,000,499 | ---- | M] () -- K:\Documents and Settings\Familia\Start Menu\Programs\Startup\Desktop Lighter.lnk
[2010.07.19 17:46:12 | 000,000,386 | ---- | M] () -- K:\WINDOWS\tasks\AWC AutoCare.job
[2010.07.18 17:05:12 | 000,000,642 | ---- | M] () -- K:\Documents and Settings\Familia\Application Data\pacemaker.ini
[2010.07.17 10:39:29 | 000,002,206 | ---- | M] () -- K:\WINDOWS\System32\wpa.dbl
[2010.07.16 13:22:01 | 000,000,284 | ---- | M] () -- K:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.07.13 19:58:04 | 000,940,343 | ---- | M] () -- K:\Documents and Settings\Familia\Desktop\Photoshop CS5 JavaScript Ref.pdf
[2010.07.13 19:57:57 | 000,404,610 | ---- | M] () -- K:\Documents and Settings\Familia\Desktop\Photoshop CS5 Scripting Guide.pdf
[2010.07.13 18:55:52 | 000,000,132 | ---- | M] () -- K:\Documents and Settings\Familia\Application Data\Adobe IllExport Filter CS5 Prefs
[2010.07.11 22:13:32 | 000,214,720 | ---- | M] () -- K:\WINDOWS\System32\PnkBstrB.xtr
[2010.07.10 15:46:45 | 000,098,976 | -H-- | M] () -- K:\WINDOWS\System32\mlfcache.dat
[2010.07.05 15:04:17 | 000,157,696 | ---- | M] () -- K:\Documents and Settings\Familia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.24 13:33:10 | 000,033,808 | ---- | M] (Kaspersky Lab) -- K:\WINDOWS\System32\drivers\klbg.sys
[2010.06.24 13:33:09 | 000,213,520 | ---- | M] (Kaspersky Lab) -- K:\WINDOWS\System32\drivers\klif.sys
[2010.06.24 13:32:43 | 000,113,933 | ---- | M] () -- K:\WINDOWS\System32\drivers\klin.dat
[2010.06.24 13:32:42 | 000,097,549 | ---- | M] () -- K:\WINDOWS\System32\drivers\klick.dat
[5 K:\WINDOWS\*.tmp files -> K:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.22 18:11:50 | 000,293,376 | ---- | C] () -- K:\Documents and Settings\Familia\Desktop\9ie1k6nf.exe
[2010.07.19 20:51:12 | 000,000,499 | ---- | C] () -- K:\Documents and Settings\Familia\Start Menu\Programs\Startup\Desktop Lighter.lnk
[2010.07.13 19:58:04 | 000,940,343 | ---- | C] () -- K:\Documents and Settings\Familia\Desktop\Photoshop CS5 JavaScript Ref.pdf
[2010.07.13 19:57:57 | 000,404,610 | ---- | C] () -- K:\Documents and Settings\Familia\Desktop\Photoshop CS5 Scripting Guide.pdf
[2010.07.13 18:34:01 | 000,000,132 | ---- | C] () -- K:\Documents and Settings\Familia\Application Data\Adobe IllExport Filter CS5 Prefs
[2010.07.07 22:37:26 | 000,214,720 | ---- | C] () -- K:\WINDOWS\System32\PnkBstrB.xtr
[2010.06.25 16:36:36 | 000,001,456 | ---- | C] () -- K:\Documents and Settings\Familia\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010.06.24 13:39:18 | 000,000,392 | ---- | C] () -- K:\WINDOWS\tasks\AWC Update.job
[2010.06.24 12:59:01 | 000,113,933 | ---- | C] () -- K:\WINDOWS\System32\drivers\klin.dat
[2010.06.24 12:59:01 | 000,097,549 | ---- | C] () -- K:\WINDOWS\System32\drivers\klick.dat
[2010.06.24 12:57:54 | 006,315,040 | -HS- | C] () -- K:\WINDOWS\System32\drivers\fidbox.dat
[2010.06.24 12:57:54 | 000,925,728 | -HS- | C] () -- K:\WINDOWS\System32\drivers\fidbox2.dat
[2010.06.24 12:57:54 | 000,052,512 | -HS- | C] () -- K:\WINDOWS\System32\drivers\fidbox.idx
[2010.06.24 12:57:54 | 000,006,340 | -HS- | C] () -- K:\WINDOWS\System32\drivers\fidbox2.idx
[2010.06.12 23:31:34 | 000,110,592 | RHS- | C] () -- K:\WINDOWS\System32\eappprxyw.dll
[2010.04.09 18:25:02 | 001,970,176 | ---- | C] () -- K:\WINDOWS\System32\d3dx9.dll
[2010.01.27 13:14:54 | 000,054,694 | ---- | C] () -- K:\WINDOWS\System32\pthreadGC.dll
[2010.01.02 14:30:58 | 000,003,840 | ---- | C] () -- K:\WINDOWS\System32\drivers\BANTExt.sys
[2009.12.27 12:44:53 | 000,000,025 | ---- | C] () -- K:\WINDOWS\libem.INI
[2009.11.24 18:25:32 | 000,974,848 | ---- | C] () -- K:\WINDOWS\vorbis.dll
[2009.11.24 18:25:32 | 000,049,152 | ---- | C] () -- K:\WINDOWS\ogg.dll
[2009.11.24 18:25:32 | 000,028,672 | ---- | C] () -- K:\WINDOWS\vorbisfile.dll
[2009.10.08 20:41:34 | 000,002,661 | ---- | C] () -- K:\WINDOWS\Ascd_tmp.ini
[2009.10.08 20:41:27 | 000,005,824 | ---- | C] () -- K:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.10.01 18:14:22 | 000,000,031 | ---- | C] () -- K:\WINDOWS\tdlp32.ini
[2009.09.07 18:28:05 | 000,000,107 | ---- | C] () -- K:\WINDOWS\System32\bup202.dll
[2009.08.26 19:52:23 | 000,020,480 | ---- | C] () -- K:\WINDOWS\System32\VBUTILLight.dll
[2009.08.26 13:58:29 | 000,000,080 | RHS- | C] () -- K:\WINDOWS\System32\2693A5742F.dll
[2009.06.22 14:32:17 | 000,000,122 | ---- | C] () -- K:\WINDOWS\WA.INI
[2009.04.10 12:47:42 | 000,023,552 | ---- | C] () -- K:\WINDOWS\System32\jesterss.dll
[2009.01.21 16:06:39 | 000,815,104 | ---- | C] () -- K:\WINDOWS\System32\xvidcore.dll
[2009.01.21 16:06:39 | 000,180,224 | ---- | C] () -- K:\WINDOWS\System32\xvidvfw.dll
[2009.01.20 10:52:57 | 000,000,202 | ---- | C] () -- K:\WINDOWS\fd3.INI
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- K:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- K:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- K:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- K:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- K:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- K:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- K:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- K:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- K:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- K:\WINDOWS\System32\AgCPanelFrench.dll
[2008.09.04 17:12:06 | 000,000,033 | ---- | C] () -- K:\WINDOWS\SYMGAMES.INI
[2008.06.22 15:28:07 | 000,010,077 | ---- | C] () -- K:\WINDOWS\msvrc20.dll
[2008.05.23 21:19:33 | 000,034,308 | ---- | C] () -- K:\WINDOWS\System32\BASSMOD.dll
[2008.04.10 12:49:01 | 000,000,310 | ---- | C] () -- K:\WINDOWS\MP3trt.ini
[2008.02.18 19:08:10 | 000,000,144 | ---- | C] () -- K:\WINDOWS\TDW.INI
[2008.01.21 20:25:49 | 000,172,032 | ---- | C] () -- K:\WINDOWS\System32\MP2enc.dll
[2008.01.21 20:25:48 | 000,221,184 | ---- | C] () -- K:\WINDOWS\System32\lame_enc.dll
[2008.01.21 16:18:26 | 000,000,489 | ---- | C] () -- K:\WINDOWS\demo.INI
[2008.01.18 13:01:34 | 000,000,069 | ---- | C] () -- K:\WINDOWS\NeroDigital.ini
[2008.01.17 17:03:30 | 000,000,056 | RHS- | C] () -- K:\WINDOWS\System32\E59A23296C.sys
[2008.01.17 17:00:41 | 000,002,828 | -HS- | C] () -- K:\WINDOWS\System32\KGyGaAvL.sys
[2008.01.17 16:33:43 | 000,000,209 | ---- | C] () -- K:\WINDOWS\WINCMD.INI
[2008.01.17 16:27:26 | 000,000,376 | ---- | C] () -- K:\WINDOWS\ODBC.INI
[2008.01.17 16:00:32 | 000,024,944 | ---- | C] () -- K:\WINDOWS\System32\drivers\GVTDrv.sys
[2008.01.17 15:34:24 | 000,000,000 | ---- | C] () -- K:\WINDOWS\frontpg.ini
[2006.08.11 16:45:20 | 000,581,632 | ---- | C] () -- K:\WINDOWS\System32\nvhwvid.dll
[2006.08.11 16:43:10 | 000,196,608 | ---- | C] () -- K:\WINDOWS\System32\nvapi.dll
[2006.08.11 16:43:00 | 001,662,976 | ---- | C] () -- K:\WINDOWS\System32\nvwdmcpl.dll
[2006.08.11 16:43:00 | 001,470,464 | ---- | C] () -- K:\WINDOWS\System32\nview.dll
[2006.08.11 16:43:00 | 001,019,904 | ---- | C] () -- K:\WINDOWS\System32\nvwimg.dll
[2006.08.11 16:43:00 | 000,466,944 | ---- | C] () -- K:\WINDOWS\System32\nvshell.dll
[2006.08.11 16:43:00 | 000,286,720 | ---- | C] () -- K:\WINDOWS\System32\nvnt4cpl.dll
[2006.05.03 01:38:24 | 000,000,748 | ---- | C] () -- K:\WINDOWS\SetBrowser.ini
[2004.09.17 18:37:42 | 000,061,440 | ---- | C] () -- K:\WINDOWS\System32\vuins32.dll
[2004.08.10 21:39:04 | 000,218,264 | ---- | C] () -- K:\WINDOWS\System32\SetAid.dll
[2004.08.04 03:56:46 | 000,363,520 | ---- | C] () -- K:\WINDOWS\System32\psisdecd.dll
[2004.07.17 14:48:44 | 000,249,270 | ---- | C] () -- K:\WINDOWS\System32\_004776_.tmp.dll
[2004.07.17 14:48:44 | 000,022,040 | ---- | C] () -- K:\WINDOWS\System32\_004744_.tmp.dll
[2003.01.07 18:05:08 | 000,002,695 | ---- | C] () -- K:\WINDOWS\System32\OUTLPERF.INI
[2002.03.19 17:30:00 | 000,141,824 | ---- | C] () -- K:\WINDOWS\System32\msvdm.dll

========== LOP Check ==========

[2009.05.22 19:14:24 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\4e3977b
[2009.08.08 10:38:49 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
[2010.02.20 21:32:05 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\boost_interprocess
[2008.06.24 13:13:53 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\ESET
[2010.07.07 21:32:17 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\id Software
[2009.01.26 14:17:13 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\Installations
[2009.05.22 18:22:45 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\InterAction studios
[2010.03.13 12:30:24 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\IObit
[2009.08.26 14:41:58 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\KB Piano
[2008.01.18 03:17:02 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2008.10.19 15:30:45 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\PC Suite
[2010.04.11 19:19:33 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\Redfield
[2010.05.25 19:52:51 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010.06.03 18:16:26 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\TEMP
[2010.01.30 13:07:51 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.04.02 13:38:06 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008.06.23 09:55:50 | 000,000,000 | -HSD | M] -- K:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.09.11 13:34:19 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.10 13:44:29 | 000,000,000 | ---D | M] -- K:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.01.30 13:07:41 | 000,000,000 | -HSD | M] -- K:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.06.12 23:59:04 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\BITS
[2010.06.09 09:42:25 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.01.24 14:43:53 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2009.08.26 13:57:59 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\ComfortSoftware
[2009.12.27 12:44:46 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\FlashGet
[2010.04.06 22:35:44 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\FlashGetBHO
[2010.06.13 12:03:56 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\FlashgetSetup
[2009.08.08 10:37:46 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Flock
[2010.07.07 21:32:30 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\id Software
[2009.08.08 10:37:40 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\ImgBurn
[2009.09.12 18:32:14 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\IObit
[2009.08.08 10:37:40 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Lunascape
[2009.08.08 10:34:18 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\mioObjects
[2009.08.08 10:31:30 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\MySQL
[2010.03.12 22:33:07 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\net.tw.Boks.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1
[2009.08.08 10:31:28 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Nokia
[2010.02.23 17:15:40 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Notepad++
[2009.08.08 10:31:22 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Opera
[2009.08.08 10:31:21 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\PC Suite
[2009.08.08 10:31:21 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\PlayFirst
[2010.04.16 17:44:34 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Radical Software Ltd
[2009.08.26 20:10:19 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Roni Music
[2010.03.17 20:43:21 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\SimfaticForms
[2009.11.28 20:12:02 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Smart Reading
[2010.05.25 19:55:55 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.06.13 18:37:20 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Synthesia
[2009.11.24 18:41:14 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\TERMINAL Studio
[2009.08.08 10:30:53 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\TuneUp Software
[2009.08.08 10:30:53 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\Unity
[2009.08.18 16:09:45 | 000,000,000 | ---D | M] -- K:\Documents and Settings\Familia\Application Data\vghd
[2010.01.30 14:00:01 | 000,000,000 | ---D | M] -- K:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2010.01.30 15:00:02 | 000,000,000 | ---D | M] -- K:\Documents and Settings\NetworkService\Application Data\TuneUp Software
[2010.07.22 15:51:28 | 000,000,490 | ---- | M] () -- K:\WINDOWS\Tasks\Automatic troubleshooting.job
[2010.07.19 17:46:12 | 000,000,386 | ---- | M] () -- K:\WINDOWS\Tasks\AWC AutoCare.job
[2010.07.22 15:51:05 | 000,000,380 | ---- | M] () -- K:\WINDOWS\Tasks\AWC AutoSweep.job
[2010.07.22 15:15:23 | 000,000,392 | ---- | M] () -- K:\WINDOWS\Tasks\AWC Update.job
[2010.07.22 15:49:00 | 000,000,310 | -HS- | M] () -- K:\WINDOWS\Tasks\Hqye.job

========== Purity Check ==========



========== Custom Scans ==========


< netsvc >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004.08.04 04:07:00 | 018,738,937 | ---- | M] () .cab file -- K:\I386\sp2.cab:AGP440.sys
[2004.08.04 04:05:44 | 018,738,937 | ---- | M] () .cab file -- K:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.01.02 15:47:20 | 023,852,652 | ---- | M] () .cab file -- K:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.01.02 15:47:20 | 023,852,652 | ---- | M] () .cab file -- K:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- K:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- K:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 04:07:00 | 010,158,890 | ---- | M] () .cab file -- K:\I386\sp1.cab:atapi.sys
[2004.08.04 04:07:00 | 018,738,937 | ---- | M] () .cab file -- K:\I386\sp2.cab:atapi.sys
[2004.08.04 04:05:44 | 018,738,937 | ---- | M] () .cab file -- K:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.01.02 15:47:20 | 023,852,652 | ---- | M] () .cab file -- K:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.01.02 15:47:20 | 023,852,652 | ---- | M] () .cab file -- K:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- K:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- K:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- K:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 03:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- K:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- K:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 03:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- K:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- K:\WINDOWS\system32\netlogon.dll
[2009.02.06 21:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- K:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 21:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- K:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 03:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- K:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- K:\WINDOWS\system32\scecli.dll

< MD5 for: VIPRT.SYS >
[2007.03.26 16:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- K:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\VIA Serial ATA Channel\ViPrt.sys
[2007.03.26 16:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- K:\Program Files\IObit\Advanced SystemCare 3\Backup\Drivers\VIA Serial ATA Controller - 0591\ViPrt.sys
[2007.03.26 16:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- K:\WINDOWS\system32\drivers\ViPrt.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010.06.12 23:31:34 | 000,110,592 | RHS- | M] () Unable to obtain MD5 -- K:\WINDOWS\system32\eappprxyw.dll
[2008.04.14 03:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- K:\WINDOWS\system32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >
[2010.07.22 15:49:00 | 000,000,310 | -HS- | M] () Unable to obtain MD5 -- K:\WINDOWS\Tasks\Hqye.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.19 00:24:25 | 000,262,144 | ---- | M] () -- K:\WINDOWS\system32\config\default.sav
[2008.01.18 22:18:14 | 000,262,144 | ---- | M] () -- K:\WINDOWS\system32\config\security.sav
[2008.01.19 00:24:25 | 025,952,256 | ---- | M] () -- K:\WINDOWS\system32\config\software.sav
[2008.01.19 00:24:26 | 003,145,728 | ---- | M] () -- K:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> K:\Documents and Settings\All Users\Application Data\TEMP:E6F9610D
@Alternate Data Stream - 127 bytes -> K:\Documents and Settings\All Users\Application Data\TEMP:98781370
@Alternate Data Stream - 126 bytes -> K:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 100 bytes -> K:\Documents and Settings\All Users\Application Data\TEMP:EC800EE4
< End of report >


Extras
OTL Extras logfile created on: 22.07.2010 18:11:11 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = K:\Documents and Settings\Familia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = K: | %SystemRoot% = K:\WINDOWS | %ProgramFiles% = K:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 14,65 Gb Total Space | 0,50 Gb Free Space | 3,43% Space Free | Partition Type: NTFS
Drive L: | 24,41 Gb Total Space | 2,08 Gb Free Space | 8,53% Space Free | Partition Type: NTFS
Drive M: | 31,30 Gb Total Space | 14,69 Gb Free Space | 46,95% Space Free | Partition Type: NTFS

Computer Name: TIBY
Current User Name: Familia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- K:\Program Files\Safari\Safari.exe (Apple Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "K:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "K:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "K:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- K:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- M:\Downloads\cs5 installed\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- K:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"14227:TCP" = 14227:TCP:*:Enabled:BitComet 14227 TCP
"14227:UDP" = 14227:UDP:*:Enabled:BitComet 14227 UDP
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"K:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = K:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"K:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = K:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"K:\Documents and Settings\Familia\Application Data\FlashgetSetup\fgmini.exe" = K:\Documents and Settings\Familia\Application Data\FlashgetSetup\fgmini.exe:*:Enabled:fg_ol_silent -- (Flashget)
"K:\Program Files\iTunes\iTunes.exe" = K:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"M:\Downloads\cs5 installed\Adobe Flash Builder 4\FlashBuilder.exe" = M:\Downloads\cs5 installed\Adobe Flash Builder 4\FlashBuilder.exe:*:Enabled:FlashBuilder -- ()
"K:\WINDOWS\system32\PnkBstrA.exe" = K:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found
"K:\WINDOWS\system32\PnkBstrB.exe" = K:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"M:\Downloads\cs5 installed\Adobe Dreamweaver CS5\Dreamweaver.exe" = M:\Downloads\cs5 installed\Adobe Dreamweaver CS5\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS5 -- (Adobe Systems, Inc.)
"K:\Program Files\Google\Google Talk\googletalk.exe" = K:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12905F20-5A31-499A-9463-71E5C3EF950B}" = SmartOCR Lite Edition 1.0
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{20110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20ED157B-1A84-4DF7-945E-4951A38A9CBA}" = iPod Reset Utility
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{345FB947-0E75-41B6-B2A8-7FEDFFF866BF}" = Expresso
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3F8C0531-6200-485A-9826-948CA116C1BB}" = Oomph: Microformats Tools
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92271486-E286-4CF1-AE6D-F889F83CBF84}" = Opera 9.61
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BF448A52-C83E-455D-B5D3-FD9E964C9419}" = Sygate Personal Firewall Pro
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F173DE-519F-4C5E-8B6C-B1BF2DF3593B}" = Română cu Alt dreapta (cu sedile) - diacritice.ro
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB9E4EAB-2717-499F-8D56-4CC8A644AB60}" = MPlayer for Windows (Full Package)
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E03D0061-1060-4BF7-87E4-CEB791A51A14}" = MySQL Tools for 5.0
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"3D Lake Cabin Full Screen Saver" = 3D Lake Cabin Full Screen Saver
"3D Snowy Cottage Full Screen Saver" = 3D Snowy Cottage Full Screen Saver
"4Easysoft Nokia Video Converter_is1" = 4Easysoft Nokia Video Converter
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"AC Tool" = AC Tool
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Advanced PDF to HTML converter_is1" = Advanced PDF to HTML converter 1.9.9.16
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AlwaysOnTop Web Browser" = AlwaysOnTop Web Browser 1.0
"AudioConvert" = AudioConvert
"Belarc Advisor" = Belarc Advisor 8.1
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX Setup
"DSTE4" = TeXaide 4
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.4.3
"Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
"FlashGet 3.3" = FlashGet 3.3
"Free 3D Aquarium Screensaver_is1" = Free 3D Aquarium Screensaver
"Free 3D Valley Screensaver_is1" = Free 3D Valley Screensaver 1.0
"Free Hogwarts Screensaver_is1" = Free Hogwarts Screensaver 1.0
"HP Drive Key Boot Utility" = HP Drive Key Boot Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Infinite Password Generator" = Infinite Password Generator 3.1
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
"JAIELangPack" = Japanese Language Support
"Lake Scenes Full Screen Saver" = Lake Scenes Full Screen Saver
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moonlight Lake Premium Screen Saver" = Moonlight Lake Premium Screen Saver
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MultipleIEs_is1" = MultipleIEs
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"PowerISO" = PowerISO
"Sib Cursor Editor" = Sib Cursor Editor
"ST5UNST #1" = Decoder
"TuneUp Utilities" = TuneUp Utilities
"Unlocker" = Unlocker 1.8.6
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 0.9.8a
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.42-2
"WinRAR archiver" = WinRAR archiver
"Wyzo" = Wyzo
"xampp" = XAMPP 1.7.1
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-796845957-630328440-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CFA2CFAB-4B51-47D5-8ECF-5C007F37DB94}" = Desktop Lighter
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21.07.2010 00:40:09 | Computer Name = TIBY | Source = ESENT | ID = 482
Description = wuauclt (2484) An attempt to write to the file "K:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system
error 112 (0x00000070): "There is not enough space on the disk. ". The write operation
will fail with error -1808 (0xfffff8f0). If this error persists then the file
may be damaged and may need to be restored from a previous backup.

Error - 21.07.2010 00:40:10 | Computer Name = TIBY | Source = ESENT | ID = 486
Description = wuauclt (2484) An attempt to move the file "K:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log"
to "K:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system
error 2 (0x00000002): "The system cannot find the file specified. ". The move
file operation will fail with error -1811 (0xfffff8ed).

Error - 21.07.2010 00:40:10 | Computer Name = TIBY | Source = ESENT | ID = 482
Description = wuauclt (2484) An attempt to write to the file "K:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system
error 112 (0x00000070): "There is not enough space on the disk. ". The write operation
will fail with error -1808 (0xfffff8f0). If this error persists then the file
may be damaged and may need to be restored from a previous backup.

Error - 21.07.2010 00:40:10 | Computer Name = TIBY | Source = ESENT | ID = 486
Description = wuauclt (2484) An attempt to move the file "K:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log"
to "K:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system
error 2 (0x00000002): "The system cannot find the file specified. ". The move
file operation will fail with error -1811 (0xfffff8ed).

Error - 21.07.2010 00:40:10 | Computer Name = TIBY | Source = ESENT | ID = 486
Description = wuauclt (2484) An attempt to move the file "K:\WINDOWS\SoftwareDistribution\DataStore\Logs\res1.log"
to "K:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system
error 2 (0x00000002): "The system cannot find the file specified. ". The move
file operation will fail with error -1811 (0xfffff8ed).

Error - 21.07.2010 00:40:10 | Computer Name = TIBY | Source = ESENT | ID = 429
Description = wuaueng.dll (2484) SUS20ClientDataStore: The database engine log disk
is full. Deleting logfiles to recover disk space may make your database unstartable
if the database file(s) are Inconsistent. Numbered logfiles may be moved, but not
deleted, if and only if the database file(s) are Consistent. Do not move edb.log.

Error - 21.07.2010 00:40:10 | Computer Name = TIBY | Source = ESENT | ID = 413
Description = wuauclt (2484) Unable to create a new logfile because the database
cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured,
or corrupted. Error -1811.

Error - 21.07.2010 00:40:10 | Computer Name = TIBY | Source = ESENT | ID = 492
Description = wuauclt (2484) The logfile sequence in "K:\WINDOWS\SoftwareDistribution\DataStore\Logs\"
has been halted due to a fatal error. No further updates are possible for the
databases that use this logfile sequence. Please correct the problem and restart
or restore from backup.

Error - 21.07.2010 00:40:10 | Computer Name = TIBY | Source = ESENT | ID = 471
Description = wuauclt (2484) Unable to rollback operation #7876 on database K:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb.
Error: -510. All future database updates will be rejected.

Error - 21.07.2010 09:27:55 | Computer Name = TIBY | Source = Application Error | ID = 1000
Description = Faulting application wyzo.exe, version 1.9.1.3635, faulting module
unknown, version 0.0.0.0, fault address 0x0f2ec228.

[ System Events ]
Error - 21.07.2010 03:13:30 | Computer Name = TIBY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for K:\Program Files\Microsoft\Oomph\Microformats.dll.
Reference
error message: The operation completed successfully. .

Error - 21.07.2010 03:17:29 | Computer Name = TIBY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for K:\Program Files\Microsoft\Oomph\Microformats.dll.
Reference
error message: The operation completed successfully. .

Error - 21.07.2010 03:17:30 | Computer Name = TIBY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for K:\Program Files\Microsoft\Oomph\Microformats.dll.
Reference
error message: The operation completed successfully. .

Error - 21.07.2010 12:30:53 | Computer Name = TIBY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde uagp35 ViaIde

Error - 21.07.2010 13:19:07 | Computer Name = TIBY | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 22.07.2010 05:08:12 | Computer Name = TIBY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for K:\Program Files\Microsoft\Oomph\Microformats.dll.
Reference
error message: The operation completed successfully. .

Error - 22.07.2010 05:08:12 | Computer Name = TIBY | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for K:\Program Files\Microsoft\Oomph\Microformats.dll.
Reference
error message: The operation completed successfully. .

Error - 22.07.2010 07:31:07 | Computer Name = TIBY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde uagp35 ViaIde

Error - 22.07.2010 08:59:08 | Computer Name = TIBY | Source = Service Control Manager | ID = 7034
Description = The Windows Installer service terminated unexpectedly. It has done
this 1 time(s).

Error - 22.07.2010 08:59:20 | Computer Name = TIBY | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server
2003 and Windows XP x86 (KB982168).


< End of report >

Gmer
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-22 19:50:11
Windows 5.1.2600 Service Pack 3
Running: 9ie1k6nf.exe; Driver: K:\DOCUME~1\Familia\LOCALS~1\Temp\uxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB50CBA72]
SSDT \??\K:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xBA19AB30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xB50CC01E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xB50CDA82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xB50CD438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xB50CB1E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB50CF3E4]
SSDT \??\K:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xBA19A6F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xB50CB62A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xB50CB82A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xB50CD744]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xB50CF8F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xB50CB940]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xB50CB9A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xB50CD5FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xB50CEEA8]
SSDT \??\K:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xBA19A470]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xB50CD294]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xB50CB34A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xB50CBC40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xB50CF40E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xB50CBB96]
SSDT \??\K:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xBA19AC50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xB50CBA10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xB50CB714]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xB50CB4F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xB50CF110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xB50CAE6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xB50CE30C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xB50CAFCC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xB50CF7C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xB50CAC68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xB50CD924]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xB50CBF18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xB50CEFA2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xB50CF438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xB50CB3A0]
SSDT \??\K:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xBA19A990]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xB50CF51C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xB50CF648]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xB50CEDD4]
SSDT \??\K:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xBA19A8D0]
SSDT \??\K:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xBA19AD60]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B50E21E8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B50E25A2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C74 80504510 4 Bytes CALL 130551C6
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [1C, F5, 0C, B5, 48, F6, 0C, ...]
.text K:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB7861360, 0x24526E, 0xE8000020]
.text tcpip.sys!IPTransmit + 10FC B500CD3A 6 Bytes CALL B9DF3CE0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 B500E690 6 Bytes CALL B9DF3CE0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 B5024454 6 Bytes CALL B9DF3CE0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys B92D73FD 7 Bytes CALL B9DF3E30 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User code sections - GMER 1.0.15 ----

? K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[1552] K:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[1552] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 007E4503 K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\CLLDR.DLL
? K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[1788] K:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[1788] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 009C4503 K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\CLLDR.DLL

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\kl1 \Device\klick wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\kl1 \Device\kl1 wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\kl1 \Device\klnkd29 wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\kl1 \Device\Klop wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\kl1 \Device\klin wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\kl1 \Device\kimul36 wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B8DDD87-15C2-032E-E80E-8F41BD54002E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B8DDD87-15C2-032E-E80E-8F41BD54002E}@lajdlihmnmdmpjphebefnejh 0x64 0x62 0x6D 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B8DDD87-15C2-032E-E80E-8F41BD54002E}@lalbcgpnippaikcnokmpgbba 0x64 0x62 0x6C 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B8DDD87-15C2-032E-E80E-8F41BD54002E}@hamcpbjiaccidhlm 0x6A 0x61 0x65 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B8DDD87-15C2-032E-E80E-8F41BD54002E}@hamcpbjifcjofmfk 0x6F 0x61 0x68 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B8DDD87-15C2-032E-E80E-8F41BD54002E}@majdlihmnmdmpjphgbcelmejpj 0x64 0x61 0x62 0x6A ...

---- EOF - GMER 1.0.15 ----


#6 Blade

  • Site Admin

Posted 24 July 2010 - 12:06 AM

Hi thetiby

We need to run an OTL Fix
  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    :OTL
    O33 - MountPoints2\{24a47e92-db48-11dd-8b68-001a4d7f3254}\Shell\AUtoPlay\cOmmAnd - "" = rxkqve.exe
    O33 - MountPoints2\{24a47e92-db48-11dd-8b68-001a4d7f3254}\Shell\AutoRun\command - "" = rxkqve.exe
    O33 - MountPoints2\{24a47e92-db48-11dd-8b68-001a4d7f3254}\Shell\eXpLoRe\COmmand - "" = rxkqve.exe
    O33 - MountPoints2\{24a47e92-db48-11dd-8b68-001a4d7f3254}\Shell\OpeN\CommAND - "" = rxkqve.exe
    O33 - MountPoints2\{58bb73a6-14eb-11dd-8994-001a4d7f3254}\Shell\AutoRun\command - "" = I:\SnibJw.EXE -- File not found
    O33 - MountPoints2\{58bb73a6-14eb-11dd-8994-001a4d7f3254}\Shell\OpeN\CoMmAnD - "" = I:\SNIBJW.exE -- File not found
    @Alternate Data Stream - 134 bytes -> K:\Documents and Settings\All Users\Application Data\TEMP:E6F9610D
    @Alternate Data Stream - 127 bytes -> K:\Documents and Settings\All Users\Application Data\TEMP:98781370
    @Alternate Data Stream - 126 bytes -> K:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 100 bytes -> K:\Documents and Settings\All Users\Application Data\TEMP:EC800EE4

    :REG
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" =-
    "445:TCP" =-
    "137:UDP" =-
    "138:UDP" =-
    "1900:UDP" =-
    "2869:TCP" =-
    "1723:TCP" =-
    "1701:UDP" =-
    "500:UDP" =-

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" =-
    "2869:TCP" =-
    "139:TCP" =-
    "445:TCP" =-
    "137:UDP" =-
    "138:UDP" =-
    "14227:TCP" =-
    "14227:UDP" =-
    "1723:TCP" =-
    "1701:UDP" =-
    "500:UDP" =-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" =-
    "FirewallOverride" =-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" =-
    "" =-

    :commands
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.
***************************************************

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link--> Virustotal

When the VirusTotal page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

K:\WINDOWS\system32\eappprxyw.dll

Please post back the URL of the results page for each file in your next post.

If VirusTotal is busy, try the same at Jotti

***************************************************
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
~Blade


In your next reply, please include the following:
OTL Fix log
Virustotal results URL
GooredFix log

Edited by Blade Zephon, 24 July 2010 - 12:09 AM.

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#7 thetiby

Posted 24 July 2010 - 12:54 AM

Hi there,

Here are the results. Also, if you happen to give me the ALL CLEAN message, please include some short advice on how to stay away from this particular Google redirect thing.

OTL_fix
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24a47e92-db48-11dd-8b68-001a4d7f3254}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24a47e92-db48-11dd-8b68-001a4d7f3254}\ not found.
File rxkqve.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24a47e92-db48-11dd-8b68-001a4d7f3254}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24a47e92-db48-11dd-8b68-001a4d7f3254}\ not found.
File rxkqve.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24a47e92-db48-11dd-8b68-001a4d7f3254}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24a47e92-db48-11dd-8b68-001a4d7f3254}\ not found.
File rxkqve.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24a47e92-db48-11dd-8b68-001a4d7f3254}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24a47e92-db48-11dd-8b68-001a4d7f3254}\ not found.
File rxkqve.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58bb73a6-14eb-11dd-8994-001a4d7f3254}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58bb73a6-14eb-11dd-8994-001a4d7f3254}\ not found.
File I:\SnibJw.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58bb73a6-14eb-11dd-8994-001a4d7f3254}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58bb73a6-14eb-11dd-8994-001a4d7f3254}\ not found.
File I:\SNIBJW.exE not found.
ADS K:\Documents and Settings\All Users\Application Data\TEMP:E6F9610D deleted successfully.
ADS K:\Documents and Settings\All Users\Application Data\TEMP:98781370 deleted successfully.
ADS K:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS K:\Documents and Settings\All Users\Application Data\TEMP:EC800EE4 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1723:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1701:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\500:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\14227:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\14227:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1723:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1701:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\500:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Familia
->Temp folder emptied: 68451475 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92106457 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 3708729 bytes
->Flash cache emptied: 5234 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 457566 bytes
->FireFox cache emptied: 5261231 bytes
->Apple Safari cache emptied: 634880 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 137592865 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3242235 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1849678 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 499486 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 299,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07242010_083039

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Could NOT find K:\WINDOWS\system32\eappprxyw.dll

Found eappprxy.dll though (closest match) : http://virusscan.jotti.org/en/scanresult/9...8ace1e169dbfa5e

GooredFix

GooredFix by jpshortstuff (03.07.10.1)
Log created at 08:44 on 24/07/2010 (Familia)
Firefox version 3.6.7 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

K:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:15 21/07/2010]

K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\32r4mcnw.default\extensions\
(none)

K:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\9tlnn9k0.default\extensions\
aboutme@test.mozilla.com [18:24 21/07/2010]
dummylipsum@sogame.cat [18:24 21/07/2010]
firebug@software.joehewitt.com [18:24 21/07/2010]
firedownload@mozilla.org [19:05 23/07/2010]
lazarus@interclue.com [18:24 21/07/2010]
multipletab@piro.sakura.ne.jp [18:24 21/07/2010]
silvermelxt@pardal.de [18:25 21/07/2010]
tineye@ideeinc.com [18:24 21/07/2010]
ubiquity@labs.mozilla.com [18:24 21/07/2010]
{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [18:24 21/07/2010]
{35106bca-6c78-48c7-ac28-56df30b51d2c} [18:24 21/07/2010]
{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [18:24 21/07/2010]
{446c03e0-2c35-11db-a98b-0800200c9a67} [18:24 21/07/2010]
{44d0a1b4-9c90-4f86-ac92-8680b5d6549e} [18:24 21/07/2010]
{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [18:24 21/07/2010]
{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [18:24 21/07/2010]
{566D6332-1439-43bf-857E-7AD5F137AD0C} [18:24 21/07/2010]
{6AC85730-7D0F-4de0-B3FA-21142DD85326} [18:24 21/07/2010]
{6D898772-AD34-4c16-86BB-9DE787A5DEA0} [18:25 21/07/2010]
{75CEEE46-9B64-46f8-94BF-54012DE155F0} [18:24 21/07/2010]
{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [18:24 21/07/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [18:24 21/07/2010]
{d47a9f51-8281-43fa-f450-f28ef8735e9a} [18:25 21/07/2010]
{D9CFDC5F-081E-420c-A108-A628AC2E556B} [18:25 21/07/2010]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [18:24 21/07/2010]
{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [18:24 21/07/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="K:\Program Files\Java\jre6\lib\deploy\jqs\ff" [11:28 01/04/2010]
"{20a82645-c095-46ed-80e3-08825760534b}"="K:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [11:44 22/07/2010]

-=E.O.F=-



#8 Blade

Posted 24 July 2010 - 01:51 AM

How is the computer running? Still getting redirects?

~Blade


#9 thetiby

Posted 24 July 2010 - 01:54 AM

My explorer.exe takes quite a lot of memory, ~40.000 K. And yes, still getting redirected. What next?

#10 Blade

Posted 27 July 2010 - 01:53 AM

Hi thetiby.

Sorry for the delay. Let's try something else.

Please go to Add/Remove Programs and uninstall Firefox. Next, please search the computer for any files or folders related to Firefox and delete them. C:\Program Files\Mozilla Firefox is one that may be left behind, but please check for others. Then, please reinstall Firefox. Let me know if you continue to experience redirects after doing this.

~Blade


#11 thetiby

Posted 27 July 2010 - 06:03 AM

Hi there,

Before coming here I've already tried it. But nonetheless, I tried it again now. Did the following:

- uninstalled Firefox (removing preferences, all)
- deleted all associated files and registry entries (using Iobit software)
- cleaned all bad registry entries with CCleaner, and removed all tmp files and restore points
- did an MBAM scan (again); found this:

mbam-log-2010-07-27 (13-21-50):
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4335

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.07.2010 13:21:50
mbam-log-2010-07-27 (13-21-50).txt

Scan type: Full scan (K:\|L:\|M:\|)
Objects scanned: 297942
Time elapsed: 2 hour(s), 0 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

- deleted the infected registry as prompted
- restarted PC
- installed an obsolete Firefox version (3.0) and updated it using the built-in updater (haven't downloaded manually)
- searched Google for 'test'; first result, redirected to 404 error. (after going briefly to hxxp://www.test.com/)
- queried Google for about 3-5 minutes after that, no redirects; doing some searches right now (I'm typing from another browser):
from about 8 different searches, 1 redirect; specifically: http://yourseekinfo.com/index.php?search=the%2Bmalware%2Btest where 'the%2Bmalware%2Btest' was my initial search; both redirects that occurred since reinstall were for hxxp://yourseekinfo.com/
although that redirected url works when you copy/paste it, it gave me 404 (like the first time), because somehow the ?search=the%2Bmalware%2Btest was added to Google's domain (it was a Google 404 page, like this one hxxp://www.google.ro/blabla, where blabla was replaced by the%2Bmalware%2Btes) - that's really weird, I think the redirect virus is broken - but still annoying.

One more occurrence of this bug, which just happened while querying Google again, is not going to any url at all (when clicking a result) and refreshing the page instead (if I click it again, same result; if I click it about 10 times in a row, patiently, it will finally work; sometimes opening in a new tab does the job; sometimes it doesn't; it's really really annoying)

Edited by Blade81, 27 July 2010 - 11:59 AM.


#12 Blade81

  • Malware Response Team

Posted 27 July 2010 - 12:00 PM

Hi,

Blade Zephon is on vacation so I will continue assisting you.

Let's check the current situation.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft Windows Insider MVP 2016-2017
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#13 thetiby

Posted 27 July 2010 - 12:03 PM

Hi there,

Thanks. Before this, would it be OK to delete all the other stuff? (the OTL, GooredFix and GMER with their logs) - they're filling my desktop.

#14 Blade81

Posted 27 July 2010 - 12:06 PM

Hi,

You may delete OTL, GooredFix & GMER but let possible other things be there for now.


#15 thetiby

Posted 27 July 2010 - 12:12 PM

OK, here they are:

DDS

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Familia at 20:08:09,37 on 27.07.2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows XP Professional 5.1.2600.3.1250.40.1033.18.2559.1753 [GMT 3:00]

    AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    ============== Running Processes ===============

    K:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    K:\WINDOWS\System32\svchost.exe -k netsvcs
    K:\WINDOWS\system32\spoolsv.exe
    K:\WINDOWS\system32\rundll32.exe
    K:\WINDOWS\Explorer.EXE
    K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    K:\Program Files\iTunes\iTunesHelper.exe
    K:\WINDOWS\system32\ctfmon.exe
    K:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    K:\Program Files\Desktop Lighter\DLighter.exe
    K:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    K:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    K:\Program Files\Bonjour\mDNSResponder.exe
    K:\Program Files\Java\jre6\bin\jqs.exe
    K:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    K:\WINDOWS\System32\nvsvc32.exe
    K:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    K:\Program Files\iPod\bin\iPodService.exe
    K:\WINDOWS\system32\svchost.exe -k imgsvc
    K:\Program Files\Wyzo\wyzo.exe
    K:\Documents and Settings\Familia\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    K:\Documents and Settings\Familia\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://wyzo.wyzostart.com/?cfg=2-47-0-1zQUa
    uSearch Page =
    uSearch Bar =
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: UIHost=k:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - k:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - k:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
    BHO: Microformats.Toolbar.1: {9e5b6e18-2f25-463c-87bf-4f6f6d706821} - k:\program files\microsoft\oomph\Microformats.dll
    BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - k:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - k:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - k:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - k:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
    EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - k:\program files\internet explorer\iedvtool.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] k:\windows\system32\ctfmon.exe
    uRun: [RocketDock] "k:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE k:\windows\system32\NvCpl.dll,NvStartup
    mRun: [AVP] "k:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [iTunesHelper] "k:\program files\itunes\iTunesHelper.exe"
    dRun: [CTFMON.EXE] k:\windows\system32\CTFMON.EXE
    mExplorerRun: [2D890] k:\program files\2d890\ -h
    StartupFolder: k:\docume~1\familia\startm~1\programs\startup\desktop lighter.lnk - k:\program files\desktop lighter\DLighter.exe
    IE: Download all by FlashGet3 - k:\documents and settings\familia\application data\flashgetbho\GetAllUrl.htm
    IE: Download by FlashGet3 - k:\documents and settings\familia\application data\flashgetbho\GetUrl.htm
    IE: E&xport to Microsoft Office Excel - k:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - k:\program files\messenger\msmsgs.exe
    IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - k:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
    IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - k:\program files\winhttrack\WinHTTrackIEBar.dll
    IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - k:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
    IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - k:\program files\eltima software\flash decompiler trillix\iebt.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - k:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java - file://k:\windows\java\classes\xmldso.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - k:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - k:\progra~1\common~1\skype\Skype4COM.dll
    Notify: klogon - k:\windows\system32\klogon.dll
    AppInit_DLLs: k:\progra~1\kaspersky lab\kaspersky anti-virus 2009\mzvkbd.dll,k:\progra~1\kaspersky lab\kaspersky anti-virus 2009\mzvkbd3.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    LSA: Notification Packages = scecli scecli scecli

    ================= FIREFOX ===================

    FF - ProfilePath - k:\docume~1\familia\application data\mozilla\firefox\profiles\odr1luhw.default\
    FF - plugin: k:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
    FF - plugin: k:\documents and settings\familia\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: k:\documents and settings\familia\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: k:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: k:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: k:\program files\opera\program\plugins\npmio.dll
    FF - plugin: k:\program files\virtools\3d life player\npvirtools.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - k:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    k:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    k:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    k:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    k:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    k:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    k:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    k:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    k:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    k:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    k:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    k:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    k:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    k:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    k:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    k:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    k:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    k:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    k:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    k:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    k:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    k:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    k:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    k:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    k:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    k:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    k:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    k:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    k:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    k:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    k:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    k:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    k:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    k:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    k:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    k:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    k:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    k:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    k:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    k:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 kl1;Kl1;k:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
    R0 klbg;Kaspersky Lab Boot Guard Driver;k:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
    R0 pavboot;pavboot;k:\windows\system32\drivers\pavboot.sys [2010-7-22 28552]
    R0 ViBus;ViBus;k:\windows\system32\drivers\ViBus.sys [2008-1-28 16896]
    R0 ViPrt;VIA SATA IDE Device Driver;k:\windows\system32\drivers\ViPrt.sys [2008-1-28 52224]
    R1 KLIF;Kaspersky Lab Driver;k:\windows\system32\drivers\klif.sys [2010-6-24 213520]
    R2 AVP;Kaspersky Anti-Virus;k:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-7-29 208616]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;k:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-11-13 1021256]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;k:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;k:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;k:\windows\system32\drivers\viahduaa.sys [2008-1-21 205184]
    S2 gupdate1c96b4a7f31eca0;Google Update Service (gupdate1c96b4a7f31eca0);k:\program files\google\update\GoogleUpdate.exe [2008-12-31 133104]
    S3 FStarForce;FStarForce;k:\windows\system32\drivers\FStarForce.sys [2009-12-27 9216]
    S3 SwitchBoard;SwitchBoard;k:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S4 vsdatant;vsdatant; [x]

    =============== Created Last 30 ================

    2010-07-26 12:35:33 152547 ---h--w- K:\treeinfo.wc
    2010-07-26 12:21:00 0 d-----w- k:\program files\Bulk Image Downloader
    2010-07-24 05:30:39 0 d-----w- K:\_OTL
    2010-07-23 20:21:42 0 d-----w- k:\program files\Bonjour
    2010-07-22 19:45:03 0 d-----w- k:\docume~1\familia\application data\Acapela Group
    2010-07-22 19:43:02 0 d-----w- k:\program files\Xtranormal
    2010-07-22 19:42:10 0 d-----w- k:\docume~1\familia\application data\Xtranormal
    2010-07-22 11:42:54 0 d-----w- k:\windows\system32\XPSViewer
    2010-07-22 08:45:21 28552 ----a-w- k:\windows\system32\drivers\pavboot.sys
    2010-07-22 08:44:24 0 d-----w- k:\program files\Panda Security
    2010-07-21 17:34:54 0 d-----w- k:\docume~1\familia\application data\SUPERAntiSpyware.com
    2010-07-21 17:34:54 0 d-----w- k:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-07-21 16:10:29 0 d-----w- k:\docume~1\familia\application data\Malwarebytes
    2010-07-21 16:10:20 38224 ----a-w- k:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-21 16:10:19 0 d-----w- k:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-07-21 16:10:18 20952 ----a-w- k:\windows\system32\drivers\mbam.sys
    2010-07-21 16:10:18 0 d-----w- k:\program files\Malwarebytes' Anti-Malware
    2010-07-15 10:14:30 0 d-----w- k:\program files\MultipleIEs
    2010-07-14 18:18:01 744448 -c----w- k:\windows\system32\dllcache\helpsvc.exe
    2010-07-07 19:37:26 214720 ----a-w- k:\windows\system32\PnkBstrB.xtr
    2010-07-07 18:32:30 0 d-----w- k:\docume~1\familia\application data\id Software
    2010-07-07 18:32:17 0 d-----w- k:\docume~1\alluse~1\applic~1\id Software
    2010-06-29 16:25:17 0 d-----w- k:\program files\IndieVolume

    ==================== Find3M ====================

    2010-07-27 17:08:25 6424 --sha-w- k:\windows\system32\drivers\fidbox2.idx
    2010-07-27 17:08:13 942112 --sha-w- k:\windows\system32\drivers\fidbox2.dat
    2010-07-27 10:23:03 6340128 --sha-w- k:\windows\system32\drivers\fidbox.dat
    2010-07-27 10:23:03 52708 --sha-w- k:\windows\system32\drivers\fidbox.idx
    2010-07-10 12:46:45 98976 -c-ha-w- k:\windows\system32\mlfcache.dat
    2010-06-24 10:33:10 33808 ----a-w- k:\windows\system32\drivers\klbg.sys
    2010-06-24 10:32:43 113933 ----a-w- k:\windows\system32\drivers\klin.dat
    2010-06-24 10:32:42 97549 ----a-w- k:\windows\system32\drivers\klick.dat
    2010-06-18 13:49:58 286720 ------w- k:\windows\Setup1.exe
    2010-06-13 09:03:55 8216 ----a-w- k:\windows\system32\secushr.dat
    2010-06-12 20:31:34 110592 --sha-r- k:\windows\system32\eappprxyw.dll
    2010-05-18 13:35:16 91424 ----a-w- k:\windows\system32\dnssd.dll
    2010-05-18 13:35:16 75040 ----a-w- k:\windows\system32\jdns_sd.dll
    2010-05-18 13:35:16 197920 ----a-w- k:\windows\system32\dnssdX.dll
    2010-05-18 13:35:16 107808 ----a-w- k:\windows\system32\dns-sd.exe
    2010-05-06 10:41:53 916480 ----a-w- k:\windows\system32\wininet.dll
    2010-05-02 05:22:50 1851264 ----a-w- k:\windows\system32\win32k.sys
    2009-09-08 13:45:40 80 -csh--r- k:\windows\system32\2693A5742F.dll
    2008-01-17 14:04:03 56 -csha-r- k:\windows\system32\E59A23296C.sys
    2008-01-17 14:04:03 2828 -csha-w- k:\windows\system32\KGyGaAvL.sys
    2010-01-02 13:40:52 245760 --sha-w- k:\windows\system32\config\systemprofile\ietldcache\index.dat

    ============= FINISH: 20:09:10,65 ===============

    Attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 18.01.2008 21:37:24
    System Uptime: 27.07.2010 13:23:20 (7 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | VM900M
    Processor: Intel® Pentium® D CPU 2.66GHz | Socket 775 | 2679/133mhz

    ==== Disk Partitions =========================

    G: is CDROM ()
    H: is CDROM ()
    K: is FIXED (NTFS) - 15 GiB total, 1,345 GiB free.
    L: is FIXED (NTFS) - 24 GiB total, 1,949 GiB free.
    M: is FIXED (NTFS) - 31 GiB total, 15,324 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&71586A9&0&2099
    Manufacturer: Realtek
    Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&71586A9&0&2099
    Service: rtl8139

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft Loopback Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Microsoft
    Name: Microsoft Loopback Adapter
    PNP Device ID: ROOT\NET\0000
    Service: msloop

    ==== System Restore Points ===================

    RP40: 22.07.2010 20:54:09 - Removed Boks
    RP41: 22.07.2010 20:54:09 - Removed Bonjour
    RP42: 22.07.2010 20:54:08 - Removed FontSelector
    RP43: 22.07.2010 20:54:08 - Removed iPhone Configuration Utility
    RP44: 22.07.2010 20:54:08 - Removed Microsoft .NET Compact Framework 2.0 SP2
    RP45: 22.07.2010 20:54:08 - Removed Microsoft .NET Framework 1.1
    RP46: 22.07.2010 20:54:08 - Removed Microsoft .NET Framework 3.0 Service Pack 2
    RP47: 22.07.2010 20:54:08 - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    RP48: 22.07.2010 20:54:08 - Removed Microsoft Visual C++ 2005 Redistributable
    RP49: 22.07.2010 20:54:08 - Removed MobileMe Control Panel
    RP50: 22.07.2010 20:54:07 - Software Distribution Service 3.0
    RP51: 22.07.2010 20:54:07 - Software Distribution Service 3.0
    RP52: 22.07.2010 20:54:07 - Software Distribution Service 3.0
    RP53: 27.07.2010 10:38:49 - OTL Restore Point
    RP54: 27.07.2010 10:38:21 - Removed Virtual Desktop Manager Powertoy for Windows XP
    RP55: 27.07.2010 10:38:45 - Removed Xtranormal State - Showpak-Playgoz-Preview
    RP56: 27.07.2010 10:38:42 - Removed Xtranormal State - SoundPack-Starter Kit
    RP57: 27.07.2010 10:38:39 - Removed Xtranormal State - Voicepack-English-UK-Daniel
    RP58: 27.07.2010 10:38:36 - Removed Xtranormal State - Voicepack-English-UK-Serena
    RP59: 27.07.2010 10:38:31 - Removed Xtranormal State - Voicepack-English-US-Samantha
    RP60: 27.07.2010 10:38:25 - Removed Xtranormal State
    RP61: 25.07.2010 12:32:03 - System Checkpoint
    RP62: 27.07.2010 19:29:23 - System Checkpoint

    ==== Installed Programs ======================

    3D Lake Cabin Full Screen Saver
    3D Snowy Cottage Full Screen Saver
    3DVIA player 5.0
    4Easysoft Nokia Video Converter
    AC Tool
    Adobe AIR
    Adobe Color Common Settings
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 8.2.3
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe SVG Viewer 3.0
    Advanced PDF to HTML converter 1.9.9.16
    Advanced SystemCare 3
    AlwaysOnTop Web Browser 1.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AudioConvert
    Belarc Advisor 8.1
    Bonjour
    CCleaner
    CDisplay 1.8
    Cheat Engine 5.6
    Compatibility Pack for the 2007 Office system
    Decoder
    Desktop Lighter
    DivX Setup
    Duplicate Cleaner 1.4.3
    Expresso
    Flash Decompiler Trillix
    FlashGet 3.3
    Free 3D Aquarium Screensaver
    Free 3D Valley Screensaver 1.0
    Free Hogwarts Screensaver 1.0
    Google Chrome
    Google Talk (remove only)
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Drive Key Boot Utility
    HP USB Disk Storage Format Tool
    ImgBurn
    Infinite Password Generator 3.1
    Internet Explorer Developer Toolbar
    iPod Reset Utility
    iTunes
    Japanese Language Support
    Java 2 Runtime Environment, SE v1.4.2_01
    Java Auto Updater
    Java™ 6 Update 19
    Kaspersky Anti-Virus 2009
    Lake Scenes Full Screen Saver
    M-Audio Series II MIDI
    Magic ISO Maker v5.5 (build 0276)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft AppLocale
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows Application Compatibility Database
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Moonlight Lake Premium Screen Saver
    Mozilla Firefox (3.6.8)
    MPlayer for Windows (Full Package)
    MSVC80_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MultipleIEs
    MySQL Tools for 5.0
    Nokia Connectivity Cable Driver
    Notepad++
    NVIDIA Drivers
    NVIDIA PhysX
    Oomph: Microformats Tools
    Opera 9.61
    Pack Vista Inspirat 2 1.0
    Panda ActiveScan 2.0
    PDF Settings CS5
    Platform
    PowerISO
    Quake Live Mozilla Plugin
    QuickTime
    Realtek High Definition Audio Driver
    Română cu Alt dreapta (cu sedile) - diacritice.ro
    Safari
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Sib Cursor Editor
    Skype™ 4.0
    SmartOCR Lite Edition 1.0
    Spelling Dictionaries Support For Adobe Reader 8
    Sygate Personal Firewall Pro
    TeXaide 4
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    Unity Web Player
    Unlocker 1.8.6
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Manager
    VC80CRTRedist - 8.0.50727.4053
    Veoh Web Player
    VIA Platform Device Manager
    VIA Rhine-Family Fast Ethernet Adapter
    VLC media player 0.9.8a
    WebFldrs XP
    WinAce Archiver
    Winamp
    Windows Driver Package - Nokia Modem (05/22/2008 3.8)
    Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinHTTrack Website Copier 3.42-2
    WinRAR archiver
    Wyzo
    XAMPP 1.7.1
    Xara3D6
    Xvid 1.2.1 final uninstall
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    24.07.2010 08:30:40, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    24.07.2010 08:30:39, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
    24.07.2010 08:30:39, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    24.07.2010 08:30:39, error: Service Control Manager [7034] - The M-Audio Series II MIDI Installer service terminated unexpectedly. It has done this 1 time(s).
    24.07.2010 08:30:39, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    24.07.2010 08:30:39, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    24.07.2010 08:30:39, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22.07.2010 19:12:43, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
    22.07.2010 15:59:20, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168).
    22.07.2010 15:59:08, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
    21.07.2010 20:19:07, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    21.07.2010 19:30:53, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde uagp35 ViaIde
    21.07.2010 07:40:21, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'i386' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
    20.07.2010 08:42:35, error: SideBySide [59] - Generate Activation Context failed for K:\Program Files\Microsoft\Oomph\Microformats.dll. Reference error message: The operation completed successfully. .
    20.07.2010 07:32:21, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.

    ==== End Of File ===========================




