Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

anti-malware doctor problem and security tools


  • This topic is locked This topic is locked
1 reply to this topic

#1 greencommunism

greencommunism

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 30 August 2010 - 09:14 PM

hello i have been having problems with malware doctor and the like, it happened because i needed to download a pdf to doc converter to print and many of them are filled with spywares and such.

do you want an hijackthis log? i followed some of the other thread, but i cant downlaod combofix for some reason because of the constant redirection, while doing hijackthis i removed the most obvious one but left the others there.

here's the hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:37:05 PM, on 8/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\dan\LOCALS~1\Temp\Dby.exe
C:\WINDOWS\Dsucib.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13920&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.51\npchrome_frame.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OTGV1DNWQQ] C:\DOCUME~1\dan\LOCALS~1\Temp\Dbz.exe
O4 - HKCU\..\Run: [XBV6RD5SZF] C:\DOCUME~1\dan\LOCALS~1\Temp\Dby.exe
O4 - HKLM\..\Policies\Explorer\Run: [FOLV] rundll32 "C:\WINDOWS\system32\rsfsaps9.dll",Spms
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1255021565328
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27A48910-8AE2-483D-A2ED-ED017B5A4484}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{63E27C41-4966-4C66-8311-13DFAFD283A0}: NameServer = 142.217.192.8,192.168.137.1
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.51\npchrome_frame.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7433 bytes

here is the OTL.txt










OTL logfile created on: 8/30/2010 10:38:56 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 7.40 Gb Free Space | 15.16% Space Free | Partition Type: NTFS
Drive D: | 547.33 Gb Total Space | 7.69 Gb Free Space | 1.40% Space Free | Partition Type: NTFS
Drive E: | 117.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAN-367DE5989A0
Current User Name: dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\dan\Local Settings\temp\Dby.exe (OpenSC Project)
PRC - C:\WINDOWS\Dsucib.exe (OpenSC Project)
PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe (D-Link)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (DAUpdaterSvc) -- D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (RPCQT) Remote Procedure Call (CQTPM) -- C:\WINDOWS\system32\Rpcqt.dll (Safer Networking Limited )
SRV - (PDFProFiltSrv) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (jswpsapi) -- C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (lxddCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe ()
SRV - (lxdd_device) -- C:\WINDOWS\System32\lxddcoms.exe ( )
SRV - (ANIWZCSdService) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)


========== Driver Services (SafeList) ==========

DRV - (ossrv) -- C:\WINDOWS\System32\drivers\ctoss2k.sys File not found
DRV - (GarenaPEngine) -- C:\DOCUME~1\dan\LOCALS~1\Temp\QEX74D.tmp File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (aaudstum) -- C:\DOCUME~1\dan\LOCALS~1\Temp\aaudstum.sys File not found
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (V0420VID) Live! Cam Vista IM (VF0420) -- C:\WINDOWS\system32\drivers\V0420Vid.sys (Creative Technology Ltd.)
DRV - (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) -- C:\WINDOWS\system32\drivers\A3AB.sys (D-Link Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13920&l=dis
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/08 00:08:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/24 12:10:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/30 21:28:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/16 03:20:21 | 000,000,000 | ---D | M]

[2009/04/30 18:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Mozilla\Extensions
[2009/04/30 18:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/08/30 21:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\npco41te.default\extensions
[2010/06/15 01:40:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\npco41te.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/04/30 20:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\npco41te.default\extensions\DTToolbar@toolbarnet.com
[2010/05/20 23:15:31 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\npco41te.default\searchplugins\ask.xml
[2009/04/30 20:49:37 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\dan\Application Data\Mozilla\Firefox\Profiles\npco41te.default\searchplugins\daemon-search.xml
[2010/08/30 21:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/20 23:15:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/03 22:01:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/01 13:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 13:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/13 17:55:22 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2008/11/11 03:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/05/08 00:07:28 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/13 17:54:50 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/26 22:18:22 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/04/01 13:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/12/21 19:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/04/13 21:09:20 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/06/13 00:51:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/06/13 00:51:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/06/13 00:51:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/06/13 00:51:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/06/13 00:51:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/06/13 00:51:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/06/13 00:51:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/04/13 21:10:10 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2010/04/13 21:09:06 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/05/13 17:55:22 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/04/01 11:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 11:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 11:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 11:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 11:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 11:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 11:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/08/30 22:28:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.51\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OTGV1DNWQQ] C:\Documents and Settings\dan\Local Settings\temp\Dbz.exe (OpenSC Project)
O4 - HKCU..\Run: [XBV6RD5SZF] C:\Documents and Settings\dan\Local Settings\temp\Dby.exe (OpenSC Project)
O4 - Startup: C:\Documents and Settings\dan\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: FOLV = rundll32 "C:\WINDOWS\system32\rsfsaps9.dll",Spms ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1255021565328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.217.192.8 24.212.0.7
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.51\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll ()
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/30 18:11:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/30 22:35:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/30 22:33:55 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\WINDOWS\Dsucib.exe
[2010/08/30 22:31:49 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/08/30 22:31:49 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/08/30 22:31:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/08/30 22:31:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/30 22:25:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/30 22:21:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/30 22:21:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/30 22:21:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/30 22:21:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/30 22:21:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/30 22:20:13 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/08/30 22:19:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/30 22:09:40 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\WINDOWS\Dsucia.exe
[2010/08/30 22:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\Application Data\Malwarebytes
[2010/08/30 21:47:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/30 21:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/30 21:47:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/30 21:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/30 21:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Extractor
[2010/08/30 13:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\Application Data\Avira
[2010/08/30 13:17:58 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/08/30 13:17:58 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/08/30 13:17:58 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/08/30 13:17:58 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/08/30 13:17:58 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/08/30 13:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/08/30 13:15:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/08/30 12:58:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/30 11:59:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe
[2010/08/30 08:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\Application Data\Quark
[2010/08/30 08:09:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Color
[2010/08/30 08:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Quark
[2010/08/30 08:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Quark
[2010/08/26 21:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\Desktop\New Folder (2)
[2010/08/24 23:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\Local Settings\Application Data\Scansoft
[2010/08/20 16:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\Application Data\Zeon
[2010/08/20 16:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/08/20 16:04:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/08/20 16:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/08/20 16:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/08/20 16:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2010/08/20 16:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2010/08/20 16:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010/08/20 15:36:14 | 000,000,000 | ---D | C] -- C:\downloads
[2010/08/20 15:05:40 | 000,438,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mshflxgd.ocx
[2010/08/20 15:05:37 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mswinsck.ocx
[2010/08/20 15:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\DocSmartzPro
[2010/08/20 12:37:03 | 000,196,608 | ---- | C] (Software Depot Online) -- C:\WINDOWS\System32\Utility.dll
[2010/08/20 12:37:03 | 000,117,507 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.ocx
[2010/08/20 12:36:58 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2010/08/20 12:36:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\gs
[2010/08/18 20:25:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/08/17 07:57:45 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/08/12 10:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\Application Data\gtk-2.0
[2010/08/12 10:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\.thumbnails
[2010/08/12 10:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\.gimp-2.6
[2010/08/12 10:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\My Documents\gegl-0.0
[2010/08/12 10:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/08/12 03:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\Application Data\Hamachi
[2010/08/12 03:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hamachi
[2010/08/11 01:50:53 | 000,000,000 | ---D | C] -- C:\PCI
[2010/08/11 01:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Trial
[2010/08/10 01:18:33 | 000,811,008 | ---- | C] (Pizzolato Davide - www.xdp.it) -- C:\WINDOWS\System32\cximage.dll
[2010/08/10 01:18:33 | 000,282,624 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0420CVW.crl
[2010/08/10 01:18:33 | 000,278,528 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0420CVW.dll
[2010/08/10 01:18:33 | 000,099,648 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\V0420Vid.sys
[2010/08/10 01:18:33 | 000,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0420Pin.dll
[2010/08/10 01:18:33 | 000,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\V0420Mon.exe
[2010/08/10 01:18:33 | 000,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0420Hwx.dll
[2010/08/10 01:18:33 | 000,020,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CtCamPin.crl
[2010/08/09 00:46:12 | 000,000,000 | ---D | C] -- C:\games
[2010/08/09 00:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Net-Games
[2010/08/09 00:34:46 | 000,000,000 | ---D | C] -- C:\fsgs
[2010/08/08 23:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/08 23:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/08 20:40:43 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.DLL
[2010/08/02 12:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dan\My Documents\StarCraft II
[2010/04/25 16:42:05 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2010/04/25 16:42:05 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2010/04/25 16:42:05 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2010/04/25 16:42:05 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2010/04/25 16:42:05 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2010/04/25 16:42:04 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2010/04/25 16:42:04 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2010/04/25 16:42:04 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2010/04/25 16:42:04 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2010/04/25 16:42:04 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2010/04/25 16:42:04 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2010/04/25 16:42:04 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2009/05/01 17:15:16 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/30 22:38:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-527237240-1417001333-1003UA.job
[2010/08/30 22:36:18 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\dan\NTUSER.DAT
[2010/08/30 22:36:02 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/30 22:34:14 | 000,295,573 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[2010/08/30 22:34:01 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/30 22:33:51 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\WINDOWS\Dsucib.exe
[2010/08/30 22:33:44 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\cryptnet32.dll
[2010/08/30 22:31:32 | 000,015,272 | ---- | M] () -- C:\Documents and Settings\dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/30 22:29:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/30 22:29:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/08/30 22:28:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/30 22:28:55 | 000,000,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/08/30 22:28:53 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/30 22:28:53 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-527237240-1417001333-1003.job
[2010/08/30 22:28:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/30 22:28:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/30 22:25:04 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2010/08/30 22:19:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/30 22:09:35 | 000,075,776 | RHS- | M] () -- C:\WINDOWS\System32\rsfsaps9.dll
[2010/08/30 22:09:34 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\WINDOWS\Dsucia.exe
[2010/08/30 21:52:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\dan\ntuser.ini
[2010/08/30 21:47:30 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/30 13:18:13 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/08/30 12:21:30 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/30 12:21:30 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010/08/30 12:06:17 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010/08/30 11:47:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/30 08:46:28 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/30 08:30:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/30 06:01:02 | 000,116,224 | ---- | M] () -- C:\Documents and Settings\dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/29 23:38:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-527237240-1417001333-1003Core.job
[2010/08/29 06:20:33 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-527237240-1417001333-1003.job
[2010/08/29 04:26:01 | 000,019,052 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\ori_pro_464602_6260.jpg
[2010/08/29 04:25:55 | 000,018,965 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\ori_pro_464602_65407.jpg
[2010/08/25 00:48:48 | 000,000,252 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\New Wordpad Document (23).doc
[2010/08/24 23:32:17 | 000,103,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/21 01:06:43 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\adresse du gars du parti communiste.doc
[2010/08/20 16:05:05 | 000,000,358 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/08/20 15:36:37 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\dan\Application Data\Microsoft\Internet Explorer\Quick Launch\AnyBizSoft PDF to Word.lnk
[2010/08/20 15:10:26 | 000,000,317 | ---- | M] () -- C:\WINDOWS\pdf2word.INI
[2010/08/20 14:14:55 | 000,010,752 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/08/19 17:18:11 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{63E27C41-4966-4C66-8311-13DFAFD283A0}
[2010/08/18 19:54:20 | 004,768,768 | -H-- | M] () -- C:\Documents and Settings\dan\Local Settings\Application Data\IconCache.db
[2010/08/18 18:09:42 | 000,005,863 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\my qualms about lnsg.doc
[2010/08/18 08:02:18 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\mon tit rap.doc
[2010/08/13 03:03:34 | 000,000,545 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\StarCraft.lnk
[2010/08/12 10:35:26 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\dan\.recently-used.xbel
[2010/08/12 10:31:58 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/08/12 03:48:43 | 000,017,480 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2010/08/12 03:35:07 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\Garena.lnk
[2010/08/12 01:59:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\New Wordpad Document (22).doc
[2010/08/11 02:24:01 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 02:24:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 02:24:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 01:46:10 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\World of Warcraft Trial.lnk
[2010/08/11 01:40:41 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2010/08/11 01:40:41 | 000,001,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2010/08/09 00:35:11 | 000,000,516 | ---- | M] () -- C:\Documents and Settings\dan\Application Data\Microsoft\Internet Explorer\Quick Launch\FSGS (Free Standard Game Server).lnk
[2010/08/09 00:35:11 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\FSGS (Free Standard Game Server).lnk
[2010/08/08 22:19:18 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\New Wordpad Document (21).doc
[2010/08/07 23:23:45 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/07 00:47:02 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/08/07 00:22:52 | 000,003,811 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\New Wordpad Document (20).doc
[2010/08/06 04:17:50 | 000,051,680 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\moi.JPG
[2010/08/06 04:17:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\New Bitmap Image (2).bmp
[2010/08/02 12:35:16 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\StarCraft II.lnk
[2010/08/01 17:47:14 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\dan\Desktop\New Wordpad Document (17).doc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/30 22:34:01 | 000,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/30 22:33:52 | 000,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/30 22:33:44 | 000,295,573 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2010/08/30 22:33:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\cryptnet32.dll
[2010/08/30 22:25:04 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/08/30 22:25:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/08/30 22:21:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/30 22:21:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/30 22:21:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/30 22:21:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/30 22:21:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/30 22:09:35 | 000,075,776 | RHS- | C] () -- C:\WINDOWS\System32\rsfsaps9.dll
[2010/08/30 22:09:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/30 21:47:30 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/30 13:18:13 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/08/29 04:26:01 | 000,019,052 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\ori_pro_464602_6260.jpg
[2010/08/29 04:25:55 | 000,018,965 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\ori_pro_464602_65407.jpg
[2010/08/25 00:48:40 | 000,000,252 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\New Wordpad Document (23).doc
[2010/08/20 16:04:59 | 000,000,358 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/08/20 15:09:30 | 000,000,317 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2010/08/20 14:14:46 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/08/20 12:37:03 | 000,051,604 | ---- | C] () -- C:\WINDOWS\System32\Adist5k.ppd
[2010/08/20 12:36:58 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2010/08/13 03:03:34 | 000,000,545 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\StarCraft.lnk
[2010/08/12 10:35:26 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\dan\.recently-used.xbel
[2010/08/12 10:31:58 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2010/08/12 01:59:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\New Wordpad Document (22).doc
[2010/08/11 02:23:04 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{63E27C41-4966-4C66-8311-13DFAFD283A0}
[2010/08/11 01:46:10 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\World of Warcraft Trial.lnk
[2010/08/10 01:18:33 | 000,195,215 | ---- | C] () -- C:\WINDOWS\System32\V0420Cvw.bff
[2010/08/10 01:18:33 | 000,057,656 | ---- | C] () -- C:\WINDOWS\System32\V0420PC.bmp
[2010/08/10 01:18:33 | 000,022,951 | ---- | C] () -- C:\WINDOWS\System32\V0420PC.jpg
[2010/08/10 01:18:33 | 000,005,022 | ---- | C] () -- C:\WINDOWS\VF0420.uns
[2010/08/09 00:35:11 | 000,000,516 | ---- | C] () -- C:\Documents and Settings\dan\Application Data\Microsoft\Internet Explorer\Quick Launch\FSGS (Free Standard Game Server).lnk
[2010/08/09 00:35:11 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\FSGS (Free Standard Game Server).lnk
[2010/08/08 13:44:42 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\New Wordpad Document (21).doc
[2010/08/06 04:17:50 | 000,051,680 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\moi.JPG
[2010/08/06 04:17:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\New Bitmap Image (2).bmp
[2010/08/03 13:13:22 | 000,003,811 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\New Wordpad Document (20).doc
[2010/08/02 12:24:03 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\StarCraft II.lnk
[2010/08/01 00:37:11 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\dan\Desktop\New Wordpad Document (17).doc
[2010/05/20 03:45:17 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/05/20 03:43:47 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/04/25 16:44:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2010/04/25 16:44:37 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2010/04/25 16:43:07 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2010/04/25 16:43:07 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2010/04/25 16:43:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2010/04/25 16:42:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2010/04/25 16:42:05 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2010/04/25 16:42:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2010/04/15 13:52:31 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/01/28 15:09:28 | 000,000,399 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/01/24 10:49:05 | 000,453,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/02 16:45:39 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
[2009/12/02 16:45:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/24 20:06:40 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/10/11 02:15:33 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/09/23 16:02:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/28 17:42:06 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/05/01 17:15:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/05/01 05:50:49 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/05/01 05:50:49 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/05/01 05:50:49 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/04/30 20:16:00 | 000,116,224 | ---- | C] () -- C:\Documents and Settings\dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005/10/14 05:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 05:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== LOP Check ==========

[2009/05/01 19:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/04/17 13:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009/04/30 20:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/20 16:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/08/30 08:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quark
[2010/08/20 16:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/06/19 09:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smart Soft
[2010/04/18 05:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/08/20 16:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2009/12/03 21:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Black Sea Studios
[2009/05/01 05:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\DAEMON Tools Lite
[2010/08/30 08:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\DC++
[2010/06/15 16:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Gearbox Software
[2010/08/12 10:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\gtk-2.0
[2010/04/19 06:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Leadertech
[2010/04/25 17:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Lexmark Productivity Studio
[2010/06/13 21:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\MP3Rocket
[2010/04/18 05:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Publish Providers
[2010/08/30 08:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Quark
[2010/03/19 06:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Red Alert 3
[2010/06/19 09:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Smart PDF Converter
[2010/04/18 05:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Sony
[2009/05/02 09:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\SSH
[2010/04/15 13:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\SystemRequirementsLab
[2010/07/09 21:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Trillian
[2010/08/30 08:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\uTorrent
[2010/08/20 16:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dan\Application Data\Zeon
[2010/08/30 22:29:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2010/08/30 22:36:02 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/30 22:34:01 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

========== Purity Check ==========


< End of report >

here is the extras.txt





OTL Extras logfile created on: 8/30/2010 10:38:56 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 7.40 Gb Free Space | 15.16% Space Free | Partition Type: NTFS
Drive D: | 547.33 Gb Total Space | 7.69 Gb Free Space | 1.40% Space Free | Partition Type: NTFS
Drive E: | 117.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAN-367DE5989A0
Current User Name: dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8061:TCP" = 8061:TCP:*:Enabled:BitComet 8061 TCP
"8061:UDP" = 8061:UDP:*:Enabled:BitComet 8061 UDP
"6112:TCP" = 6112:TCP:*:Enabled:frozen throne
"6112:UDP" = 6112:UDP:*:Enabled:udp
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\dan\Desktop\utorrent.exe" = C:\Documents and Settings\dan\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\aMSN\bin\wish.exe" = C:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application -- (ActiveState Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"D:\Games\Heroes of Might and Magic III Complete\Heroes3.exe" = D:\Games\Heroes of Might and Magic III Complete\Heroes3.exe:*:Enabled:Heroes of Might and Magic® III -- (The 3DO Company)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"D:\Games\BGII - SoA\BGMain.exe" = D:\Games\BGII - SoA\BGMain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn - Throne of Bhaal -- (BioWare Corp.)
"D:\Games\Baldur's gate ii tutu\BGMain.exe" = D:\Games\Baldur's gate ii tutu\BGMain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn - Throne of Bhaal -- (BioWare Corp.)
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"D:\Games\gta 4\Rockstar Games Social Club\RGSCLauncher.exe" = D:\Games\gta 4\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"D:\downloads\Duke.Nukem.3D.Atomic.Edition.High.Resolution.v10.8-MasterFaster\Duke.Nukem.3D.Atomic.Edition.High.Resolution.v10.8-MasterFaster\dn3d_hrp-4.2.020_29-11-2009\Duke3dw.exe" = D:\downloads\Duke.Nukem.3D.Atomic.Edition.High.Resolution.v10.8-MasterFaster\Duke.Nukem.3D.Atomic.Edition.High.Resolution.v10.8-MasterFaster\dn3d_hrp-4.2.020_29-11-2009\Duke3dw.exe:*:Enabled:Duke3dw -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Games\Dragon Age\bin_ship\daorigins.exe" = D:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"D:\Games\Dragon Age\DAOriginsLauncher.exe" = D:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe" = D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:2500 Series Server -- ( )
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Device Monitor Application -- ()
"C:\Program Files\Ynhub\YnHub_1.036.152\YnHub.exe" = C:\Program Files\Ynhub\YnHub_1.036.152\YnHub.exe:*:Enabled:YnHub 1.036 -- (-)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddwbgw.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Psi\Psi.exe" = C:\Program Files\Psi\Psi.exe:*:Enabled:Psi -- ()
"D:\Games\StarCraft II\StarCraft II.exe" = D:\Games\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\fsgs\FSGS.exe" = C:\fsgs\FSGS.exe:*:Enabled:Free Standard Game Server -- (NetGames AG www.net-games.com)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\Games\StarCraft II\Versions\Base15405\SC2.exe" = D:\Games\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08E9C35A-A0AE-43FA-AEA1-E4F58A87FBD1}" = Arcanum
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2BAE6A53-E241-11D5-873A-0050DABC2539}" = Tropico: Paradise Island
"{329BF75E-4876-4687-9CAD-5AE7DE56EA22}" = The Punisher
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44A69352-33DD-405E-ADB8-2D768643BBAE}_is1" = AnyBizSoft PDF to Word (Build 3.0.0)
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set
"{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92B24EFB-8A84-4D1A-9C67-AAB70B616033}" = Net-Games FSGS Connect
"{93DA8968-092B-4E6F-B568-AB8471952143}" = Warlords Battlecry III
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate™ II - Throne of Bhaal ™
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C38C985C-266A-4CEE-BEC3-1A4270F09FD4}" = Wireless G WDA-1320
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}" = Command & Conquer™ Red Alert™ 3 Uprising
"{EBFF3839-5A5B-400A-B8A2-4A627C4B29B4}" = Nuance PDF Professional 5
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FF0B0792-F6E7-4627-B820-EA50617E223B}" = QuarkXPress 6.0
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Ace MP3 To WAV Converter" = Ace MP3 To WAV Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"aMSN" = aMSN 0.98.3
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"ATMA V" = ATMA V 5.05
"Baldur's Gate Tutu" = Baldur's Gate Tutu
"Belarc Advisor" = Belarc Advisor 8.1
"BrothersInArms" = Brothers In Arms
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Computer Alarm Clock" = Computer Alarm Clock
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative VF0420" = Creative Live! Cam Vista IM (VF0420) Driver (1.01.01.00)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DC++" = DC++ 0.750
"Diablo" = Diablo
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DocSmartz Pro v7.1" = DocSmartz Pro v7.1
"Emperor" = Emperor: Battle For Dune
"Fallout2" = Fallout2
"FLV Player_is1" = Free FLV Player V0.05
"FSGS (Free Standard Game Server)" = FSGS (Free Standard Game Server)
"Garena" = Garena 2010
"Google Chrome Frame" = Google Chrome Frame
"Hamachi" = Hamachi 1.0.1.5
"Hellfire" = Hellfire
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"Lexmark 2500 Series" = Lexmark 2500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MechCommander2 1.0" = Microsoft MechCommander 2
"MercsTitaniumUninstallKey" = Ghost Bear's Legacy: Titanium edition
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP3 Rocket" = MP3 Rocket
"Mp3_File_Editor_5" = Mp3 File Editor 5.11 (standard)
"Nox" = Nox
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Psi" = Psi (remove only)
"RealPlayer 12.0" = RealPlayer
"Shogun Total War - Warlord Edition" = Shogun - Total War - Warlord Edition
"Sierra Utilities" = Sierra Utilities
"Smart PDF Converter_is1" = Smart PDF Converter 5.0.1.335
"ST6UNST #1" = Hero Editor V1.03
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"SystemRequirementsLab" = System Requirements Lab
"Trillian" = Trillian
"Universal Extractor_is1" = Universal Extractor 1.6.1
"VLC media player" = VLC media player 1.0.5
"Warkeys" = Warkeys 1.15.8.0b
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo" = Diablo
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
"World of Warcraft Trial" = World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2010 10:27:08 PM | Computer Name = DAN-367DE5989A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/30/2010 10:27:08 PM | Computer Name = DAN-367DE5989A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/30/2010 10:27:08 PM | Computer Name = DAN-367DE5989A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/30/2010 10:27:08 PM | Computer Name = DAN-367DE5989A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/30/2010 10:27:08 PM | Computer Name = DAN-367DE5989A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/30/2010 10:27:08 PM | Computer Name = DAN-367DE5989A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/30/2010 10:27:08 PM | Computer Name = DAN-367DE5989A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/30/2010 10:27:08 PM | Computer Name = DAN-367DE5989A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/30/2010 10:27:08 PM | Computer Name = DAN-367DE5989A0 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/30/2010 10:28:52 PM | Computer Name = DAN-367DE5989A0 | Source = Avira AntiVir | ID = 4122
Description = Unable to load file <CfgLib>. Returned error code: 0x2

[ System Events ]
Error - 8/30/2010 10:04:58 PM | Computer Name = DAN-367DE5989A0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/30/2010 10:05:45 PM | Computer Name = DAN-367DE5989A0 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 8/30/2010 10:05:45 PM | Computer Name = DAN-367DE5989A0 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb BANTExt Fips intelppm ssmdrv

Error - 8/30/2010 10:09:56 PM | Computer Name = DAN-367DE5989A0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 8/30/2010 10:09:57 PM | Computer Name = DAN-367DE5989A0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 8/30/2010 10:17:16 PM | Computer Name = DAN-367DE5989A0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/30/2010 10:17:44 PM | Computer Name = DAN-367DE5989A0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/30/2010 10:20:30 PM | Computer Name = DAN-367DE5989A0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/30/2010 10:21:37 PM | Computer Name = DAN-367DE5989A0 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 8/30/2010 10:21:38 PM | Computer Name = DAN-367DE5989A0 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >


and finally the combofix txt. sorry for massing up all this at once tongue.gif.

EDIT: Posts merged ~BP

Edited by Budapest, 30 August 2010 - 09:50 PM.


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 PM

Posted 05 September 2010 - 09:51 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users