
Cleaned PC of virus, now can't access internet! Please help


  • This topic is locked
44 replies to this topic

#1 nomoretubesforme (Member)
  • Members
  • 26 posts

Posted 24 January 2012 - 11:10 PM

I noticed I had some sort of virus, so I ran several spyware removal programs to try and get it. The virus was causing Firefox to open tabs on its own, mostly aimed at either news sites or spam ads. After using Hitman Pro to remove something, I noticed I can no longer access the internet. My computer says that it is connected, and I have tried lowering the firewall and using WinSock, but to no avail. It isn't my connection; I'm writing with my laptop right now, on the same wifi connection. (If it's relevant, my PC uses an ethernet cable.) The computer in question is a PC running XP. I can't figure out what's wrong, any help is so appreciated! Here's my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 9:42:51 PM, on 1/24/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Glary Utilities\Integrator.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Matt\Desktop\Matt's\Anti Virus and Cleaners\New\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.co.../sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1181682954490
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189991968656
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
O20 - Winlogon Notify: awtrqqn - C:\WINDOWS\
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: Zune Network Sharing Service (ZuneNetworkSvc) - Unknown owner - f:\Juvon\ZuneNss.exe (file missing)

(Also, if relevant, I was intentionally running several spyware removers as this was scanning.)

#2 Satchfan (Member)
  • Trusted Malware Techs
  • 135 posts
  • Gender:Female
  • Location:Devon, UK


Posted 26 January 2012 - 04:19 AM

Hello nomoretubesforme

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your log now and will reply with instructions shortly

Satchfan

Edited by Satchfan, 26 January 2012 - 04:20 AM.


#3 nomoretubesforme (Member)
  • Members
  • 26 posts

Posted 26 January 2012 - 04:33 AM

Thank you so much! I am utterly stuck and not sure how to fix this. If it helps at all, I think my copy of Avira AntiVirus may have been corrupted or infected. I notice I cannot stop it from running, nor uninstall, nor delete it. Thanks so much for your time!

#4 Satchfan (Member)
  • Trusted Malware Techs
  • 135 posts
  • Gender:Female
  • Location:Devon, UK


Posted 26 January 2012 - 05:14 AM

Hello again nomoretubesforme

A couple of things before we start cleaning your computer:

Running multiple antivirus programs

You cannot run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

Uninstall either Avira or Microsoft Security Essentials.
  • click on Start, Settings, Control Panel
  • double-click Add or Remove Programs (it may take time for the list to appear, so be patient)
  • scroll down the list and look for the program you are uninstalling, click on it and then on Remove.

===================================================

Spybot TeaTimer

Please disable this program and leave it disabled until we are done as it can interfere with some of the tools we use.
  • launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • on the left hand side, click on Tools, then click on the Resident Icon in the list.
  • uncheck the Resident TeaTimer (Protection of overall system settings) active box.
  • click on the System Startup icon in the List
  • uncheck the "TeaTimer" box and click OK at any prompts.
  • if Teatimer gives you a warning that changes were made, click Allow Change when prompted.
  • exit Spybot S&D.

(When we are finished, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup).


===================================================

Run HijackThis

Open HijackThis and click Do a system scan only.

Place a check mark next to:

O20 - Winlogon Notify: awtrqqn - C:\WINDOWS\
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)


Close all windows except for HijackThis and click Fix checked.

===================================================

Run OTL

download OTL and save it to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted
  • when the window appears, underneath Output at the top change it to Minimal Output
  • check the boxes beside LOP Check and Purity Check
  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

===================================================

Run aswMBR
  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply
Logs to include with next post:

OTL.txt
Extras.txt
aswMBR log


Thanks

Satchfan

Edited by Satchfan, 26 January 2012 - 05:19 AM.
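Added example (editor's note; this is not part of Satchfan's instructions, nor code from HijackThis or OTL). The two O20 lines Satchfan has the poster fix are worth understanding rather than just ticking: Winlogon Notify packages are DLLs that winlogon.exe loads at every logon, so a random-named entry whose "path" is a bare directory (awtrqqn pointing at C:\WINDOWS\) is a persistence slot, while dimsntfy is a dead entry whose DLL no longer exists. The Python below triages a HijackThis v1.99-style log for those cases and for the two sections most relevant to the original symptom (machine says "connected" but nothing reaches the internet after a cleaner deleted something): O10 Winsock LSP entries and R1 proxy settings. The O20, O23 and R1 ProxyOverride lines in SAMPLE_LOG are copied from the log posted above; the O10 line and the R1 ProxyServer line are constructed for illustration, the allow-list of stock Winlogon Notify names is an assumption, and the random-name test is a heuristic, not a HijackThis rule.

```python
import re
from dataclasses import dataclass
from typing import List

# Added example, not code from this thread or from HijackThis. The O20, O23 and the
# R1 ProxyOverride lines are copied from the HijackThis log posted above; the O10 line
# and the R1 ProxyServer line are CONSTRUCTED to show the Winsock-LSP and proxy cases.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O10 - Broken Internet access due to LSP provider 'c:\windows\system32\xyzlsp.dll' missing
O20 - Winlogon Notify: awtrqqn - C:\WINDOWS\
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Zune Network Sharing Service (ZuneNetworkSvc) - Unknown owner - f:\Juvon\ZuneNss.exe (file missing)
"""

# Winlogon Notify packages expected on a stock XP box. ASSUMPTION: a short allow-list
# is enough for triage; extend it from a known-clean machine for your own baseline.
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "dimsntfy", "scaccess", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wgalogon", "wlballoon",
}
# HEURISTIC (not a HijackThis rule): Vundo-style persistence uses short random
# lowercase names such as "awtrqqn".
RANDOM_NAME = re.compile(r"^[a-z]{5,9}$")
ENTRY = re.compile(r"^(R\d|F\d|N\d|O\d+) - (.*)$")


@dataclass
class Finding:
    severity: str   # "high" | "medium" | "low"
    entry: str      # HijackThis section, e.g. "O20"
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return the lines of a HijackThis-style log that need a human decision."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        kind, body = m.group(1), m.group(2)
        missing = "(file missing)" in body

        if kind == "O20" and body.startswith("Winlogon Notify: "):
            name, _, target = body[len("Winlogon Notify: "):].partition(" - ")
            target = target.replace("(file missing)", "").strip()
            unknown = name.lower() not in KNOWN_WINLOGON_NOTIFY
            if target.endswith("\\") or (unknown and RANDOM_NAME.match(name)):
                # A bare directory, or a random name, in a slot winlogon.exe loads at
                # every logon: treat as active persistence until proven otherwise.
                findings.append(Finding("high", kind,
                                        f"unknown Winlogon Notify package '{name}' "
                                        "(random-looking name or no DLL path)", line))
            elif missing:
                findings.append(Finding("low", kind,
                                        f"dead Winlogon Notify entry '{name}'", line))
            elif unknown:
                findings.append(Finding("medium", kind,
                                        f"non-default Winlogon Notify package '{name}'", line))

        elif kind == "O10":
            # Winsock LSP chain. A provider whose DLL a cleaner deleted breaks TCP/IP
            # for every user-mode program while the NIC still reports "connected".
            sev = "high" if body.startswith("Broken Internet access") else "medium"
            findings.append(Finding(sev, kind, "Winsock LSP entry; a broken chain means no network", line))

        elif kind == "R1" and ",ProxyServer = " in body:
            # ProxyOverride on its own (as in the posted log) is benign; a ProxyServer is not,
            # unless the user set it.
            findings.append(Finding("medium", kind, "IE proxy configured; confirm it is intentional", line))

        elif kind == "O23" and missing:
            findings.append(Finding("low", kind, "service points at a missing binary; orphan to clean up", line))

    findings.sort(key=lambda f: {"high": 0, "medium": 1, "low": 2}[f.severity])
    return findings


def report(findings: List[Finding]) -> str:
    """One line per finding, highest severity first."""
    return "\n".join(f"[{f.severity:6}] {f.entry:4} {f.reason}\n         {f.line}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

A "high" result is a decision point, not proof: the awtrqqn line is fixed through HijackThis exactly as Satchfan directs, whereas a Winsock LSP entry whose DLL has been deleted is the classic reason a machine shows "connected" but no browser or updater can reach anything, and the repair for that is resetting the Winsock catalog (netsh winsock reset on XP SP2 and later) rather than more scanning. The constructed O10 line is there so the script shows that case; the log actually posted in this thread only carries Microsoft's own nwprovau.dll in its O10 section.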


#5 nomoretubesforme (Member)
  • Members
  • 26 posts

Posted 26 January 2012 - 01:34 PM

I wasn't able to update virus definitions with avast; I hope that's ok. If not, I will go back and remedy that. Here are the logs:

OTL logfile created on: 1/26/2012 12:20:31 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsMattDesktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.02% Memory free
3.85 Gb Paging File | 3.31 Gb Available in Paging File | 85.84% Paging File free
Paging file location(s): c:pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 232.88 Gb Total Space | 37.76 Gb Free Space | 16.22% Space Free | Partition Type: NTFS
Drive F: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 930.86 Gb Total Space | 644.29 Gb Free Space | 69.21% Space Free | Partition Type: NTFS

Computer Name: :filtered: | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:Documents and SettingsMattdesktopOTL.exe (OldTimer Tools)
PRC - C:Program FilesTabletWacomWacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:Program FilesTabletWacomWacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:Program FilesAviraAntiVir Desktopavgnt.exe (Avira GmbH)
PRC - C:WINDOWSexplorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:Program FilesTabletWacomlibxml2.dll ()
MOD - C:Program FilesWinRARRarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ZuneNetworkSvc) -- File not found
SRV - (MDM) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Apple Mobile Device) -- File not found
SRV - (TabletServiceWacom) -- C:Program FilesTabletWacomWacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (ZuneWlanCfgSvc) -- C:WINDOWSsystem32ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- C:WINDOWSsystem32ZuneBusEnum.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe (Acresso Software Inc.)


========== Driver Services (SafeList) ==========

DRV - (hitmanpro35) -- C:WINDOWSsystem32drivershitmanpro36.sys ()
DRV - (wacmoumonitor) -- C:WINDOWSsystem32driverswacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:WINDOWSsystem32driverswacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:WINDOWSsystem32driverswacomvhid.sys (Wacom Technology)
DRV - (avgntflt) -- C:WINDOWSsystem32driversavgntflt.sys (Avira GmbH)
DRV - (Si3132r5) -- C:WINDOWSSystem32driversSi3132r5.sys (Silicon Image, Inc)
DRV - (Si3132) -- C:WINDOWSSystem32driverssi3132.sys (Silicon Image, Inc)
DRV - (JL2005C) -- C:WINDOWSsystem32driversjl2005c.sys (Windows ® 2000 DDK provider)
DRV - (NCHSSVAD) -- C:WINDOWSsystem32driversnchssvad.sys (NCH Swift Sound)
DRV - (TPkd) -- C:WINDOWSSystem32driversTPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (avgio) -- C:Program FilesAviraAntiVir Desktopavgio.sys (Avira GmbH)
DRV - (sptd) -- C:WINDOWSSystem32Driverssptd.sys (Duplex Secure Ltd.)
DRV - (NdisWDM) -- C:WINDOWSsystem32driversNdisWDM.sys (Broadcom Corporation)
DRV - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:WINDOWSsystem32driversSRS_SSCFilter_i386.sys ()
DRV - (BCMWLNPF) -- C:WINDOWSsystem32driversbcmwlnpf.sys (CACE Technologies)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:WINDOWSsystem32driversRtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (WinUSB) -- C:WINDOWSsystem32driverswinusb.sys (Microsoft Corporation)
DRV - (RT25USBAP) -- C:WINDOWSsystem32driversRT25USBAP.SYS (Ralink Technology Inc.)
DRV - (yukonwxp) -- C:WINDOWSsystem32driversyk51x86.sys (Marvell)
DRV - (MTsensor) -- C:WINDOWSsystem32driversASACPI.sys ()
DRV - (TIEHDUSB) -- C:WINDOWSsystem32driverstiehdusb.sys (Texas Instruments Incorporated)
DRV - (PenClass) -- C:WINDOWSsystem32DriversPenClass.sys (Wacom Technology Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = %SystemRoot%system32blank.htm

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WINDOWSsystem32MacromedFlashNPSWF32.dll ()
FF - HKLMSoftwareMozillaPlugins@adobe.com/ShockwavePlayer: C:WINDOWSsystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)
FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found
FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()
FF - HKLMSoftwareMozillaPlugins@divx.com/DivX Browser Plugin,version=1.0.0: C:Program FilesDivXDivX Plus Web Playernpdivx32.dll (DivX, LLC)
FF - HKLMSoftwareMozillaPlugins@divx.com/DivX VOD Helper,version=1.0.0: C:Program FilesDivXDivX OVS Helpernpovshelper.dll (DivX, LLC.)
FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@movenetworks.com/Quantum Media Player: File not found
FF - HKLMSoftwareMozillaPlugins@ogplanet.com/npOGPPlugin: C:WINDOWSsystem32npOGPPlugin.dll (OGPlanet)
FF - HKLMSoftwareMozillaPlugins@pandonetworks.com/PandoWebPlugin: C:Program FilesPando NetworksMedia BoosternpPandoWebPlugin.dll (Pando Networks)
FF - HKLMSoftwareMozillaPlugins@wacom.com/wacom-plugin,version=1.1.0.10: C:Program FilesTabletPluginsnpwacom.dll (Wacom, Inc.)
FF - HKCUSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WINDOWSsystem32MacromedFlashNPSWF32.dll ()
FF - HKCUSoftwareMozillaPlugins@facebook.com/FBPlugin,version=1.0.1: C:Documents and SettingsMattApplication DataFacebooknpfbplugin_1_0_1.dll ( )
FF - HKCUSoftwareMozillaPlugins@facebook.com/FBPlugin,version=1.0.3: C:Documents and SettingsMattApplication DataFacebooknpfbplugin_1_0_3.dll ( )
FF - HKCUSoftwareMozillaPlugins@movenetworks.com/Quantum Media Player: File not found
FF - HKCUSoftwareMozillaPluginspandonetworks.com/PandoWebPlugin: C:Program FilesPando NetworksMedia BoosternpPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{3112ca9c-de6d-4884-a869-9855de68056c}: C:Documents and SettingsAll UsersApplication DataMozillaFirefox Extensions{3112ca9c-de6d-4884-a869-9855de68056c} [2007/09/05 22:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{AD59A42B-CEC7-4784-B02D-E46818CE18C7}: C:Documents and SettingsMattLocal SettingsApplication Data{AD59A42B-CEC7-4784-B02D-E46818CE18C7} [2010/02/14 02:26:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:Program FilesDivXDivX Plus Web Playerfirefoxhtml5video [2011/03/07 23:35:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{6904342A-8307-11DF-A508-4AE2DFD72085}: C:Program FilesDivXDivX Plus Web Playerfirefoxwpa [2011/03/07 23:35:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 9.0.1extensionsComponents: C:Program FilesMozilla Firefoxcomponents [2012/01/07 22:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 9.0.1extensionsPlugins: C:Program FilesMozilla Firefoxplugins [2011/07/10 19:02:22 | 000,000,000 | ---D | M]

[2008/06/18 22:20:21 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsMattApplication DataMozillaExtensions
[2012/01/21 00:24:27 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensions
[2010/12/07 05:47:26 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensions{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2011/06/25 03:17:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensions{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/02 17:48:51 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensions{36b72fda-9a37-456c-8cc8-cddd4a3fe312}
[2011/02/04 08:54:04 | 000,000,000 | ---D | M] (PDF Download) -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensions{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/02/04 08:54:03 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensions{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010/12/07 05:47:18 | 000,000,000 | ---D | M] (Aquatint Black) -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensions{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2012/01/21 00:24:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensions{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/07 05:47:27 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensionsextension@virtusdesigns.com
[2011/12/21 07:41:39 | 000,000,000 | ---D | M] ("Reddit Enhancement Suite") -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensionsjid1-xUfzOsOFlzSOXg@jetpack
[2010/06/28 23:01:45 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensionsLogMeInClient@logmein.com
[2009/04/15 18:32:44 | 000,000,000 | ---D | M] (Move Media Player) -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensionsmoveplayer@movenetworks.com
[2010/12/07 05:47:26 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensionsextension@virtusdesigns.comchrome
[2010/12/07 05:47:26 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensionsextension@virtusdesigns.comdefaults
[2010/12/07 05:47:18 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensions{7694c49c-9fbd-11dc-8314-0800200c9a66}chromewinmozappsextensions
[2011/11/11 01:13:04 | 000,000,000 | ---D | M] (No name found) -- C:Program FilesMozilla Firefoxextensions
[2012/01/07 22:27:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:Program Filesmozilla firefoxcomponentsbrowsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:Program Filesmozilla firefoxpluginsnpdeployJava1.dll
[2011/10/07 04:14:02 | 000,002,252 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbing.xml
[2011/11/11 01:12:42 | 000,002,040 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginstwitter.xml

O1 HOSTS File: ([2012/01/24 21:27:42 | 000,000,736 | ---- | M]) - C:WINDOWSsystem32driversetchosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:Program FilesDivXDivX Plus Web Playernpdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:Program FilesDivXDivX Plus Web Playernpdivx32.dll (DivX, LLC)
O4 - HKLM..Run: [avgnt] C:Program FilesAviraAntiVir Desktopavgnt.exe (Avira GmbH)
O4 - HKLM..Run: [NvCplDaemon] C:WINDOWSSystem32NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..Run: [NvMediaCenter] C:WINDOWSSystem32NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..Run: [nwiz] C:WINDOWSSystem32nwiz.exe ()
O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupTabUserW.exe.lnk = C:WINDOWSsystem32WTabletTabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:Documents and SettingsMattStart MenuProgramsStartupStardock ObjectDock.lnk = C:Program FilesStardockObjectDockObjectDock.exe (Stardock)
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLUA = 0
O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRecovery present
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5Catalog_Entries000000000004 [] - C:WINDOWSsystem32nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://dev.srtest.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1181682954490 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1189991968656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.7.254
O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{59E455B4-F980-4EAD-A982-F4854EC1B42F}: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{C10AFB3A-9022-4773-8304-CBF544826B0E}: DhcpNameServer = 192.168.7.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WINDOWSexplorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) -C:WINDOWSsystem32userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:Documents and SettingsMattApplication DataMicrosoftInternet ExplorerInternet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:Documents and SettingsMattApplication DataMicrosoftInternet ExplorerInternet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:Program FilesWindows DefenderMpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/12 19:10:02 | 000,000,000 | ---D | M] - C:Autodesk -- [ NTFS ]
O32 - AutoRun File - [2007/06/12 02:02:52 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 15:12:18 | 000,000,088 | R--- | M] () - F:autorun.inf -- [ UDF ]
O33 - MountPoints2{01ca3b00-f0cc-11de-8473-001a926e1f8a}ShellAutoRuncommand - "" = F:Setup_FlipShare.exe
O33 - MountPoints2{01ca3b00-f0cc-11de-8473-001a926e1f8a}ShellSetup FlipSharecommand - "" = F:Setup_FlipShare.exe
O33 - MountPoints2FShell - "" = AutoRun
O33 - MountPoints2FShellAutoRun - "" = Auto&Play
O33 - MountPoints2FShellAutoRuncommand - "" = F:WD SmartWare.exe -- [2009/11/13 13:25:22 | 003,280,672 | R--- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM..comfile [open] -- "%1" %*
O35 - HKLM..exefile [open] -- "%1" %*
O37 - HKLM...com [@ = ComFile] -- "%1" %*
O37 - HKLM...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:WINDOWSSystem32
[2012/01/26 12:19:48 | 004,733,440 | ---- | C] (AVAST Software) -- C:Documents and SettingsMattDesktopaswMBR.exe
[2012/01/26 12:19:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:Documents and SettingsMattDesktopOTL.exe
[2012/01/24 22:26:17 | 000,000,000 | -H-D | C] -- C:Documents and SettingsAll UsersApplication DataCommon Files
[2012/01/24 22:25:49 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataMFAData
[2012/01/24 20:23:10 | 000,000,000 | RH-D | C] -- C:Documents and SettingsMattRecent
[2012/01/24 19:10:41 | 000,000,000 | ---D | C] -- C:WINDOWSpss
[2012/01/24 17:13:12 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataHitmanPro
[2012/01/20 04:38:20 | 000,000,000 | ---D | C] -- C:Documents and SettingsMattDesktopicons
[2012/01/15 21:55:45 | 000,000,000 | ---D | C] -- C:Documents and SettingsMattDesktopMI previews
[2012/01/05 05:37:25 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsRebirthRO
[2012/01/05 05:35:33 | 000,000,000 | ---D | C] -- C:Program FilesRebirthRO
[2010/06/10 21:00:36 | 000,047,360 | ---- | C] (VSO Software) -- C:Documents and SettingsMattApplication Datapcouffin.sys
[3 C:WINDOWSSystem32*.tmp files -> C:WINDOWSSystem32*.tmp -> ]
[10 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32
[2012/01/26 12:18:31 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Matt\Desktop\aswMBR.exe
[2012/01/26 12:16:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2012/01/26 12:05:33 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/26 01:54:50 | 000,177,359 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/26 01:54:46 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/01/26 01:54:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/26 01:38:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/24 21:27:42 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/24 20:12:24 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/24 19:17:41 | 000,000,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/01/24 18:47:10 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/01/24 18:44:40 | 000,000,750 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2012/01/24 18:14:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/23 22:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/22 21:18:10 | 000,000,270 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\view3dscene.conf
[2012/01/12 03:09:06 | 000,503,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/12 03:09:06 | 000,088,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 18:44:40 | 000,000,750 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2012/01/24 17:13:52 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/01/22 21:18:10 | 000,000,270 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\view3dscene.conf
[2010/06/28 16:42:00 | 000,173,671 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2010/06/28 16:42:00 | 000,000,918 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2010/06/28 00:01:10 | 001,980,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/10 21:01:16 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\vso_ts_preview.xml
[2010/06/10 21:00:36 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\inst.exe
[2010/06/10 21:00:36 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\pcouffin.cat
[2010/06/10 21:00:36 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\pcouffin.inf
[2010/06/10 04:17:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/10 04:02:19 | 000,000,008 | -H-- | C] () -- C:\WINDOWS\System32\adb.dat
[2010/02/14 02:26:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qjayogodini.dat
[2010/02/14 02:26:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cbowanojo.bin
[2010/02/03 17:29:20 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/03 17:29:20 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/03 17:29:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/03 17:29:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/03 17:29:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/30 15:22:18 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2009/12/06 22:20:16 | 000,118,870 | ---- | C] () -- C:\WINDOWS\hpoins30.dat
[2009/12/06 22:20:16 | 000,000,449 | ---- | C] () -- C:\WINDOWS\hpomdl30.dat
[2009/09/22 20:09:20 | 000,082,232 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/18 16:47:15 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat
[2009/05/15 01:09:44 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/05/15 01:09:44 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/03/02 16:48:59 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/05 23:47:36 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\dsptoolD.dll
[2009/02/05 23:47:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dsptool.dll
[2008/12/29 16:36:46 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/12/27 05:37:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2008/11/10 19:47:54 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\winnsdows2.dll
[2008/08/26 21:42:29 | 000,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2008/08/26 21:42:29 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2008/08/26 21:42:29 | 000,042,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2008/08/26 21:42:29 | 000,039,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2008/08/14 21:22:01 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/13 16:52:29 | 000,000,022 | ---- | C] () -- C:\WINDOWS\ExtractAudio.INI
[2008/07/06 17:24:48 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\WavCodec.wff
[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/01/03 19:26:05 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/03 19:26:05 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2007/12/17 20:22:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/09/10 00:24:04 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/09/06 00:45:08 | 000,000,526 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/21 00:00:59 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/07/17 18:29:39 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2007/06/29 17:46:45 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\AutoGK.ini
[2007/06/29 17:11:27 | 000,000,195 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2007/06/26 23:21:34 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/26 23:10:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/26 10:01:16 | 000,002,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/25 12:59:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/06/25 11:15:21 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/06/25 11:15:21 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2007/06/25 11:15:17 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2007/06/25 11:15:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2007/06/25 11:15:17 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2007/06/25 11:15:06 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2007/06/25 10:51:09 | 000,013,715 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2007/06/25 10:20:30 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/06/25 10:20:30 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/06/25 10:20:30 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/06/25 10:20:30 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/06/25 10:20:30 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/06/25 10:20:30 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/06/25 10:20:30 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/06/25 10:20:30 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/06/25 10:20:30 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/06/25 10:20:30 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/06/25 10:20:30 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/06/25 10:20:30 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/06/25 10:20:30 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/06/25 10:20:30 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/06/25 10:20:30 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/06/25 10:20:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/06/25 10:19:55 | 000,000,083 | ---- | C] () -- C:\WINDOWS\EPSP1400.ini
[2007/06/22 12:57:44 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/22 12:32:53 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2007/06/22 11:23:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/12 02:23:24 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/12 02:18:00 | 000,019,959 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/06/12 02:18:00 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/06/12 02:17:51 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/06/12 02:04:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/12 02:00:58 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/11 21:20:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/11 21:19:33 | 001,652,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/09/24 12:37:00 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/08/11 22:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 22:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 22:43:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/11 22:43:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 22:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/11 22:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 22:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 22:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/11 22:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/11 22:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/18 07:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/03/03 19:04:38 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\qscl.dll
[2006/02/28 06:00:00 | 000,503,110 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,088,508 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/03/30 12:29:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\msvos.dll
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/03/16 18:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000091.DLL

========== LOP Check ==========

[2008/10/17 12:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/07/12 02:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/04/03 13:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/02/12 19:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/12/07 04:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2008/07/02 06:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2012/01/24 22:26:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/12/29 16:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2007/06/25 11:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/06/10 00:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2012/01/24 20:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/01/24 22:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/06/18 17:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/05/09 01:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2012/01/24 00:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008/12/25 04:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2010/05/18 02:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/08/26 21:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2008/11/09 01:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/03/26 07:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/24 23:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/05/27 02:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2010/05/27 02:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2010/06/10 21:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/07/20 04:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/06/16 17:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/01/30 06:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/11/08 17:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 23:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 00:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/12 02:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ableton
[2010/04/03 13:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\acccore
[2009/08/30 20:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Acoustica
[2010/02/12 19:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Autodesk
[2009/09/27 15:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Aventail
[2010/06/10 04:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\AviDvdBurner
[2012/01/05 06:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\BitTorrent
[2009/04/09 15:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Bump Technologies, Inc
[2007/08/27 03:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\com.miieditor.MiiEditor
[2011/03/07 23:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\DDMSettings
[2007/12/17 22:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Eltima Software
[2010/03/30 16:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Facebook
[2008/10/25 00:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GConvert
[2007/07/05 10:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GeoVid
[2010/01/28 21:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GetRightToGo
[2010/02/04 17:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GlarySoft
[2009/10/01 20:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\gtk-2.0
[2008/12/29 17:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ImgBurn
[2010/11/02 22:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\kompozer.net
[2007/06/25 10:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2008/12/24 15:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\LimeWire
[2011/05/31 13:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\LolClient
[2010/02/22 22:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mael
[2007/06/29 23:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Moyea
[2009/06/18 17:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NCH Swift Sound
[2010/03/31 02:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\OpenOffice.org
[2009/05/09 01:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PACE Anti-Piracy
[2010/05/18 02:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Publish Providers
[2008/07/06 17:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Recordpad
[2008/12/24 20:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\River Past G5
[2010/05/18 02:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Sony
[2011/02/28 22:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SynthMaker
[2010/06/10 21:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vso
[2012/01/26 01:54:46 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 1329 bytes -> C:\Documents and Settings\Matt\Local Settings\Application Data\nXfF5Lhp5DL:X64psVF3DJ5ANo0AocHZOvY
@Alternate Data Stream - 1263 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:NQ0etMVuYRsOhuGSA
@Alternate Data Stream - 1123 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:9ITOI0pO1QIPjiMMeA9

< End of report >

#6 nomoretubesforme


Posted 26 January 2012 - 01:34 PM

Next log-

OTL Extras logfile created on: 1/26/2012 12:20:31 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.02% Memory free
3.85 Gb Paging File | 3.31 Gb Available in Paging File | 85.84% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 37.76 Gb Free Space | 16.22% Space Free | Partition Type: NTFS
Drive F: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 930.86 Gb Total Space | 644.29 Gb Free Space | 69.21% Space Free | Partition Type: NTFS

Computer Name: :filtered: | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58304:TCP" = 58304:TCP:*:Enabled:Pando Media Booster
"58304:UDP" = 58304:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"58304:TCP" = 58304:TCP:*:Enabled:Pando Media Booster
"58304:UDP" = 58304:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ScanSoft\PaperPort\NAVBrowser.exe" = C:\Program Files\ScanSoft\PaperPort\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe" = C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe:*:Enabled:Dynex Wireless Client Utility -- (Dynex)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2010 32-bit -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2010 32-bit
"C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2010 32-bit -- (mental images GmbH)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()
"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II Beta\Versions\Base14621\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base14621\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II Beta\Versions\Base14803\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base14803\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Disabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Disabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Disabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Konami\Yu-Gi-Oh! ONLINE 3\yo3.exe" = C:\Program Files\Konami\Yu-Gi-Oh! ONLINE 3\yo3.exe:*:Enabled:Yu-Gi-Oh! ONLINE 3 -- ()
"C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Disabled:Nero ProductSetup -- (Nero AG)
"C:\WINDOWS\system32\sol.exe" = C:\WINDOWS\system32\sol.exe:*:Disabled:Solitaire -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
"C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Steam\steamapps\gundamsdboy\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\gundamsdboy\team fortress 2\hl2.exe:*:Enabled:hl2
"C:\Program Files\Steam\steamapps\sugarhyperpezyay\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\sugarhyperpezyay\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe" = C:\Program Files\Steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe:*:Enabled:Spiral Knights -- (Sun Microsystems, Inc.)
"C:\Program Files\StarCraft II\Versions\Base19132\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base19132\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:Java™ Update Checker -- (Sun Microsystems, Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Updater for Spybot-S&D -- (Safer Networking Limited)
"C:\Program Files\Glary Utilities\Integrator.exe" = C:\Program Files\Glary Utilities\Integrator.exe:*:Enabled:Glary Utilities -- (Glarysoft Ltd)
"C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe" = C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.35\deploy\LoLLauncher.exe:*:Enabled:PVP.net Patcher
"C:\Program Files\Avira\AntiVir Desktop\avnotify.exe" = C:\Program Files\Avira\AntiVir Desktop\avnotify.exe:*:Enabled:Notification Tool -- (Avira GmbH)
"C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe" = C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe:*:Enabled:PVP.net Patcher Kernel -- ()
"C:\WINDOWS\system32\Macromed\Flash\FlashUtil10v_Plugin.exe" = C:\WINDOWS\system32\Macromed\Flash\FlashUtil10v_Plugin.exe:*:Enabled:Adobe® Flash® Player Installer/Uninstaller 10.3 r183
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\CCleaner\CCleaner.exe" = C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:CCleaner -- (Piriform Ltd)
"C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.110\deploy\LolClient.exe" = C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.110\deploy\LolClient.exe:*:Enabled:Adobe AIR Debug Launcher


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver 12.0 Rel .4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22439E2F-1CF7-4F8B-992A-3AA3C0553929}" = Yu-Gi-Oh! ONLINE 3
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 26
"{26D3E377-1DCA-4043-9410-B4A9BACF1033}" = Nero 7 Ultra Edition
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{531D27E5-DE21-4777-9EDB-B7803087E7F3}" = Dynex Wireless G USB Network Adapter Setup
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B77972D-39DC-4AB9-8839-1EB103673093}" = Sketch2Photo
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B89E0823-B15C-4CF2-9735-C77F54F92F1E}" = Connection Extension for Autodesk 3ds Max 2010 32-bit
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB8B979E-E336-47E7-96BC-1031C1B94561}" = Adobe AIR 1.0 Beta 1
"{BF1BDC10-4366-4221-0102-000501000000}" = COLLADAMax (1.2.5)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C356AE79-463B-48C4-B7C4-E08800799284}_is1" = XPS Annotator 1.22
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DE54F85C-DB65-4691-B15D-1EF9149F0FD6}" = MangaBrowser for SHONEN JUMP 40th
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"Audacity_is1" = Audacity 1.2.6
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Autodesk FBX Plug-in 2011.2 - 3ds Max 2010" = Autodesk FBX Plug-in 2011.2 - 3ds Max 2010
"AutoGK" = Auto Gordian Knot 2.55
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"BitTorrent" = BitTorrent
"BugOff" = BugOff 1.10
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX Setup
"DT01_2009_1026_1436_is1" = Uninstall Dual Mode Camera (DT01)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EPSON Printer and Utilities" = EPSON Printer Software
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"Glary Utilities_is1" = Glary Utilities 2.33.0.1158
"HijackThis" = HijackThis 1.99.1
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"ImgBurn" = ImgBurn
"JAIELangPack" = Japanese Language Support
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Live 8.2.2" = Live 8.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"OneTouch Version 3.0" = OneTouch Version 3.0
"PaperPort 7.02" = PaperPort 7.02
"pepakura_designer2_en" = Pepakura Designer2
"pepakura_designer3en" = Pepakura Designer 3
"pepakura_viewer2" = Pepakura Viewer2
"pepakura_viewer3en" = Pepakura Viewer 3
"pepanime2" = Pepakura Animation 2
"popupcard_en" = Pop-Up Card Designer
"RebirthRO_is1" = RebirthRO
"RumbleFighter" = Rumble Fighter
"Silent Package Run-Time Sample" = EPSON SP1400 Reference Guide
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 99900" = Spiral Knights
"VLC media player" = VLC media player 1.0.5
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WavePad" = WavePad Uninstall
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/25/2012 4:35:53 AM | Computer Name = :filtered: | Source = MPSampleSubmission | ID = 5000
Description =

Error - 1/25/2012 4:39:53 AM | Computer Name = :filtered: | Source = MPSampleSubmission | ID = 5000
Description =

Error - 1/25/2012 4:43:55 AM | Computer Name = :filtered: | Source = MPSampleSubmission | ID = 5000
Description =

Error - 1/25/2012 4:47:54 AM | Computer Name = :filtered: | Source = MPSampleSubmission | ID = 5000
Description =

Error - 1/25/2012 4:51:54 AM | Computer Name = :filtered: | Source = MPSampleSubmission | ID = 5000
Description =

Error - 1/25/2012 10:19:48 AM | Computer Name = :filtered: | Source = Microsoft Security Client | ID = 5000
Description =

Error - 1/25/2012 2:08:04 PM | Computer Name = :filtered: | Source = Microsoft Security Client | ID = 5000
Description =

Error - 1/25/2012 2:13:55 PM | Computer Name = :filtered: | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.5.0.124, faulting module
skype.exe, version 5.5.0.124, fault address 0x001dae87.

Error - 1/26/2012 3:48:27 AM | Computer Name = :filtered: | Source = MPSampleSubmission | ID = 5000
Description =

Error - 1/26/2012 2:05:10 PM | Computer Name = :filtered: | Source = Microsoft Security Client | ID = 1001
Description =

[ System Events ]
Error - 1/26/2012 3:32:28 AM | Computer Name = :filtered: | Source = Service Control Manager | ID = 7034
Description = The Zune Bus Enumerator service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/26/2012 3:38:40 AM | Computer Name = :filtered: | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/26/2012 3:39:36 AM | Computer Name = :filtered: | Source = Service Control Manager | ID = 7003
Description = The DHCP Client service depends on the following nonexistent service:
NetBT

Error - 1/26/2012 3:39:36 AM | Computer Name = :filtered: | Source = Service Control Manager | ID = 7003
Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent
service: NetBT

Error - 1/26/2012 3:39:36 AM | Computer Name = :filtered: | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%1058

Error - 1/26/2012 3:39:36 AM | Computer Name = :filtered: | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%2

Error - 1/26/2012 3:39:36 AM | Computer Name = :filtered: | Source = Service Control Manager | ID = 7000
Description = The Machine Debug Manager service failed to start due to the following
error: %%2

Error - 1/26/2012 3:39:36 AM | Computer Name = :filtered: | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 1/26/2012 3:48:26 AM | Computer Name = :filtered: | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 1/26/2012 3:55:39 AM | Computer Name = :filtered: | Source = Service Control Manager | ID = 7034
Description = The Zune Bus Enumerator service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
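The System Events in this report are the one concrete lead on the lost connectivity: Service Control Manager event 7003 says the DHCP Client service (and the TCP/IP NetBIOS Helper) depends on a NetBT service that no longer exists, and event 7026 says the sptd driver failed to load. As an added example (not code from the original post or from OTL), the Python below parses OTL's wrapped "Last 10 Event Log Errors" entries and extracts exactly those failure classes; the sample log is a constructed copy of the entries above.

```python
"""Extract Service Control Manager failures from an OTL "Last 10 Event Log Errors" dump.
Added example, not code from the original post or from OTL itself."""
import re
from dataclasses import dataclass

# Constructed sample: System Events entries copied from the OTL report above, in OTL's
# layout (header line, "Description =" line, wrapped continuation lines, blank separator).
SAMPLE_LOG = """\
Error - 1/26/2012 3:38:40 AM | Computer Name = :filtered: | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/26/2012 3:39:36 AM | Computer Name = :filtered: | Source = Service Control Manager | ID = 7003
Description = The DHCP Client service depends on the following nonexistent service:
NetBT

Error - 1/26/2012 3:39:36 AM | Computer Name = :filtered: | Source = Service Control Manager | ID = 7003
Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent
service: NetBT

Error - 1/26/2012 3:39:36 AM | Computer Name = :filtered: | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%2

Error - 1/26/2012 3:39:36 AM | Computer Name = :filtered: | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd
"""

HEADER_RE = re.compile(r"^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = .*? \| "
                       r"Source = (?P<source>.*?) \| ID = (?P<id>\d+)$")
# SCM event texts as they appear in the dump (Windows XP wording).
MISSING_DEP_RE = re.compile(r"The (?P<svc>.+?) service depends on the following "
                            r"nonexistent service: (?P<dep>\S+)")
START_FAIL_RE = re.compile(r"The (?P<svc>.+?) service failed to start due to the "
                           r"following error: %%(?P<err>\d+)")
DRIVER_FAIL_RE = re.compile(r"driver\(s\) failed to load: (?P<drv>.+)$")


@dataclass
class EventRecord:
    when: str
    source: str
    event_id: int
    description: str = ""


def parse_otl_events(text):
    """Split the dump into records, re-joining Description lines that OTL wrapped."""
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():          # a blank line closes the current record
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = EventRecord(m["when"], m["source"], int(m["id"]))
            records.append(current)
        elif current is not None:     # "Description =" line or a wrapped continuation
            if line.startswith("Description ="):
                line = line[len("Description ="):]
            current.description = (current.description + " " + line.strip()).strip()
    return records


def scm_failures(records):
    """Collect SCM events: 7003 missing dependency, 7000 start failure (Win32 code
    after %%), 7026 boot/system-start driver failed to load."""
    missing_deps, start_failures, failed_drivers = {}, {}, []
    for r in records:
        if r.source != "Service Control Manager":
            continue
        if r.event_id == 7003 and (m := MISSING_DEP_RE.search(r.description)):
            missing_deps[m["svc"]] = m["dep"]
        elif r.event_id == 7000 and (m := START_FAIL_RE.search(r.description)):
            start_failures[m["svc"]] = int(m["err"])
        elif r.event_id == 7026 and (m := DRIVER_FAIL_RE.search(r.description)):
            failed_drivers += [d.strip() for d in m["drv"].split(",")]
    return {"missing_deps": missing_deps, "start_failures": start_failures,
            "failed_drivers": failed_drivers}


def services_blocked_by(findings, dependency):
    """Services that cannot start because `dependency` is gone, e.g. NetBT -> DHCP Client."""
    return sorted(svc for svc, dep in findings["missing_deps"].items() if dep == dependency)


if __name__ == "__main__":
    found = scm_failures(parse_otl_events(SAMPLE_LOG))
    for dep in sorted(set(found["missing_deps"].values())):
        print(f"missing service {dep} blocks: {', '.join(services_blocked_by(found, dep))}")
    print("failed drivers:", found["failed_drivers"])
```

Run against this report it shows why an Ethernet host that "says it is connected" still has no network: without NetBT the DHCP Client cannot start, so no address is obtained.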

#7 nomoretubesforme

nomoretubesforme

    Member

  • Members
  • 26 posts

Posted 26 January 2012 - 01:35 PM

Final log-

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-26 12:24:51
-----------------------------
12:24:51.343 OS Version: Windows 5.1.2600 Service Pack 3
12:24:51.343 Number of processors: 2 586 0xF06
12:24:51.343 ComputerName: :filtered: UserName: Matt
12:24:52.312 Initialize success
12:25:15.234 AVAST engine download error: 0
12:25:31.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-19
12:25:31.859 Disk 0 Vendor: ST3250620AS 3.AAK Size: 238475MB BusType: 3
12:25:31.859 Disk 0 MBR read successfully
12:25:31.859 Disk 0 MBR scan
12:25:31.859 Disk 0 Windows XP default MBR code
12:25:31.859 Disk 0 MBR hidden
12:25:31.859 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 238464 MB offset 63
12:25:31.890 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 10 MB offset 488376000
12:25:31.890 Disk 0 Partition 2 **SUSPICIOUS**
12:25:31.890 Disk 0 scanning sectors +488397152
12:25:33.125 Disk 0 scanning C:\WINDOWS\system32\drivers
12:25:39.968 Service scanning
12:25:40.828 Modules scanning
12:25:46.234 Disk 0 trace - called modules:
12:25:46.250 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a674fa9]<<
12:25:46.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a681030]
12:25:46.250 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-19[0x8a656700]
12:25:46.250 \Driver\atapi[0x8a6a6628] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a674fa9
12:25:46.250 Scan finished successfully
12:25:58.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Matt\Desktop\MBR.dat"
12:25:58.984 The log file has been saved successfully to "C:\Documents and Settings\Matt\Desktop\aswMBR.txt"

#8 nomoretubesforme

nomoretubesforme

    Member

  • Members
  • 26 posts

Posted 26 January 2012 - 01:35 PM

Thanks so much!

#9 Satchfan

Satchfan

    Member

  • Trusted Malware Techs
  • 135 posts
  • Gender:Female
  • Location:Devon, UK


Posted 26 January 2012 - 06:20 PM

Thanks for the logs. Please bear with me while I check your logs. It is quite late here now (UK) so I won’t be in touch again tonight but will be as quick as I can. Meanwhile, don’t worry as we will remedy this and get you back to normal :) Satchfan

#10 nomoretubesforme

nomoretubesforme

    Member

  • Members
  • 26 posts

Posted 26 January 2012 - 07:03 PM

No rush, and thank you so much again for the help!

#11 Satchfan

Satchfan

    Member

  • Trusted Malware Techs
  • 135 posts
  • Gender:Female
  • Location:Devon, UK


Posted 27 January 2012 - 05:06 AM

Not a lot to go on there so we’ll have a deeper look.

Run OTL
  • Double click on the icon to run it.
  • Copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    [2010/01/30 15:22:18 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
    [2008/12/24 15:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\LimeWire
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
==================================

Download and run ComboFix

Download ComboFix from the following location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, as they may otherwise interfere with our tools. See here for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.
Note: Do not mouse-click combofix's window while it is running. That may cause it to stall.

When finished, it will produce a log. Please include the ComboFix.txt in your next reply. It can be found at C:\ComboFix.txt

Logs to include in the next post:

OTL fix log
New OTL log
ComboFix.txt


Can you also tell me what make of computer it is and how it is behaving now.

Thanks

Satchfan

#12 nomoretubesforme

nomoretubesforme

    Member

  • Members
  • 26 posts

Posted 27 January 2012 - 05:56 AM

I'm completing the above tasks as I write this. My computer is currently on the stage of me having hit "run fix" in OTL. It seems to be taking a good amount of time running, is that normal? Currently, my computer seems to be behaving more or less fine. Avira still won't disable, but most importantly I still cannot connect to the internet. After OTL finishes and I finish the rest of the above steps, I will post the logs and update you on any progress. As for computer make, what sort of info are you looking for? I apologize, I am not very knowledgeable in that sort of thing.

#13 Satchfan

Satchfan

    Member

  • Trusted Malware Techs
  • 135 posts
  • Gender:Female
  • Location:Devon, UK


Posted 27 January 2012 - 06:16 AM

My computer is currently on the stage of me having hit "run fix" in OTL. It seems to be taking a good amount of time running, is that normal?

OTL shouldn't take more than a few minutes to do the "Fix" that I supplied in this case. If it is still trying to do it when you receive this, cancel it and just run ComboFix.

===========================

As for computer make, what sort of info are you looking for?

By the make I just mean eg Dell, Acer, Sony, Toshiba

===========================

Avira still won't disable


Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on a red background.
  • right click it -> untick the option AntiVir Guard enable.
  • you should now see a closed, white umbrella on a red background.
If it still doesn't work, you can temporarily uninstall it as you are not accessing the Internet at the moment so can't get infected.

Also, if you are transferring files to the infected computer, please make sure that ComboFix is transferred to your desktop.

#14 nomoretubesforme

nomoretubesforme

    Member

  • Members
  • 26 posts

Posted 27 January 2012 - 05:17 PM

My computer is actually a custom build, although not by me. If this helps at all, when it boots, a screen saying, "ASUS Ai Lifestyle, Intel," displays.

Thanks! Avira is finally gone.

OTL finished successfully, here are the needed logs, OLD OTL log first.

OTL logfile created on: 1/26/2012 12:20:31 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.02% Memory free
3.85 Gb Paging File | 3.31 Gb Available in Paging File | 85.84% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 37.76 Gb Free Space | 16.22% Space Free | Partition Type: NTFS
Drive F: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 930.86 Gb Total Space | 644.29 Gb Free Space | 69.21% Space Free | Partition Type: NTFS

Computer Name: :filtered: | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Matt\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Tablet\Wacom\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ZuneNetworkSvc) -- File not found
SRV - (MDM) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Apple Mobile Device) -- File not found
SRV - (TabletServiceWacom) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (ZuneWlanCfgSvc) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)


========== Driver Services (SafeList) ==========

DRV - (hitmanpro35) -- C:\WINDOWS\system32\drivers\hitmanpro36.sys ()
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Si3132r5) -- C:\WINDOWS\System32\drivers\Si3132r5.sys (Silicon Image, Inc)
DRV - (Si3132) -- C:\WINDOWS\System32\drivers\si3132.sys (Silicon Image, Inc)
DRV - (JL2005C) -- C:\WINDOWS\system32\drivers\jl2005c.sys (Windows ® 2000 DDK provider)
DRV - (NCHSSVAD) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (TPkd) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (NdisWDM) -- C:\WINDOWS\system32\drivers\NdisWDM.sys (Broadcom Corporation)
DRV - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys ()
DRV - (BCMWLNPF) -- C:\WINDOWS\system32\drivers\bcmwlnpf.sys (CACE Technologies)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RT25USBAP) -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (PenClass) -- C:\WINDOWS\system32\Drivers\PenClass.sys (Wacom Technology Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\Tablet\Plugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Matt\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Matt\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/09/05 22:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{AD59A42B-CEC7-4784-B02D-E46818CE18C7}: C:\Documents and Settings\Matt\Local Settings\Application Data\{AD59A42B-CEC7-4784-B02D-E46818CE18C7} [2010/02/14 02:26:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/07 23:35:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/07 23:35:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 22:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/10 19:02:22 | 000,000,000 | ---D | M]

[2008/06/18 22:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Extensions
[2012/01/21 00:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions
[2010/12/07 05:47:26 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2011/06/25 03:17:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/02 17:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\{36b72fda-9a37-456c-8cc8-cddd4a3fe312}
[2011/02/04 08:54:04 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/02/04 08:54:03 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010/12/07 05:47:18 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2012/01/21 00:24:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/07 05:47:27 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\extension@virtusdesigns.com
[2011/12/21 07:41:39 | 000,000,000 | ---D | M] ("Reddit Enhancement Suite") -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack
[2010/06/28 23:01:45 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\LogMeInClient@logmein.com
[2009/04/15 18:32:44 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\moveplayer@movenetworks.com
[2010/12/07 05:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\extension@virtusdesigns.com\chrome
[2010/12/07 05:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\extension@virtusdesigns.com\defaults
[2010/12/07 05:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2011/11/11 01:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/07 22:27:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/07 04:14:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 01:12:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/24 21:27:42 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://dev.srtest.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1181682954490 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1189991968656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59E455B4-F980-4EAD-A982-F4854EC1B42F}: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C10AFB3A-9022-4773-8304-CBF544826B0E}: DhcpNameServer = 192.168.7.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/12 19:10:02 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2007/06/12 02:02:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 15:12:18 | 000,000,088 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{01ca3b00-f0cc-11de-8473-001a926e1f8a}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{01ca3b00-f0cc-11de-8473-001a926e1f8a}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- [2009/11/13 13:25:22 | 003,280,672 | R--- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32
[2012/01/26 12:19:48 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Matt\Desktop\aswMBR.exe
[2012/01/26 12:19:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2012/01/24 22:26:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/24 22:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/24 20:23:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matt\Recent
[2012/01/24 19:10:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/01/24 17:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/01/20 04:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\icons
[2012/01/15 21:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\MI previews
[2012/01/05 05:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RebirthRO
[2012/01/05 05:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\RebirthRO
[2010/06/10 21:00:36 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Matt\Application Data\pcouffin.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32
[2012/01/26 12:18:31 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Matt\Desktop\aswMBR.exe
[2012/01/26 12:16:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2012/01/26 12:05:33 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/26 01:54:50 | 000,177,359 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/26 01:54:46 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/01/26 01:54:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/26 01:38:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/24 21:27:42 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/24 20:12:24 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/24 19:17:41 | 000,000,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/01/24 18:47:10 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/01/24 18:44:40 | 000,000,750 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2012/01/24 18:14:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/23 22:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/22 21:18:10 | 000,000,270 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\view3dscene.conf
[2012/01/12 03:09:06 | 000,503,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/12 03:09:06 | 000,088,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 18:44:40 | 000,000,750 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2012/01/24 17:13:52 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys
[2012/01/22 21:18:10 | 000,000,270 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\view3dscene.conf
[2010/06/28 16:42:00 | 000,173,671 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2010/06/28 16:42:00 | 000,000,918 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2010/06/28 00:01:10 | 001,980,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/10 21:01:16 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\vso_ts_preview.xml
[2010/06/10 21:00:36 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\inst.exe
[2010/06/10 21:00:36 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\pcouffin.cat
[2010/06/10 21:00:36 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\pcouffin.inf
[2010/06/10 04:17:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/10 04:02:19 | 000,000,008 | -H-- | C] () -- C:\WINDOWS\System32\adb.dat
[2010/02/14 02:26:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qjayogodini.dat
[2010/02/14 02:26:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cbowanojo.bin
[2010/02/03 17:29:20 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/03 17:29:20 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/03 17:29:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/03 17:29:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/03 17:29:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/30 15:22:18 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2009/12/06 22:20:16 | 000,118,870 | ---- | C] () -- C:\WINDOWS\hpoins30.dat
[2009/12/06 22:20:16 | 000,000,449 | ---- | C] () -- C:\WINDOWS\hpomdl30.dat
[2009/09/22 20:09:20 | 000,082,232 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/18 16:47:15 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat
[2009/05/15 01:09:44 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/05/15 01:09:44 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/03/02 16:48:59 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/05 23:47:36 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\dsptoolD.dll
[2009/02/05 23:47:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dsptool.dll
[2008/12/29 16:36:46 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/12/27 05:37:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2008/11/10 19:47:54 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\winnsdows2.dll
[2008/08/26 21:42:29 | 000,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2008/08/26 21:42:29 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2008/08/26 21:42:29 | 000,042,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2008/08/26 21:42:29 | 000,039,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2008/08/14 21:22:01 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/13 16:52:29 | 000,000,022 | ---- | C] () -- C:\WINDOWS\ExtractAudio.INI
[2008/07/06 17:24:48 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\WavCodec.wff
[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/01/03 19:26:05 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/03 19:26:05 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2007/12/17 20:22:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/09/10 00:24:04 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/09/06 00:45:08 | 000,000,526 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/21 00:00:59 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/07/17 18:29:39 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2007/06/29 17:46:45 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\AutoGK.ini
[2007/06/29 17:11:27 | 000,000,195 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2007/06/26 23:21:34 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/26 23:10:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/26 10:01:16 | 000,002,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/25 12:59:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/06/25 11:15:21 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/06/25 11:15:21 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2007/06/25 11:15:17 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2007/06/25 11:15:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2007/06/25 11:15:17 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2007/06/25 11:15:06 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2007/06/25 10:51:09 | 000,013,715 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2007/06/25 10:20:30 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/06/25 10:20:30 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/06/25 10:20:30 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/06/25 10:20:30 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/06/25 10:20:30 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/06/25 10:20:30 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/06/25 10:20:30 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/06/25 10:20:30 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/06/25 10:20:30 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/06/25 10:20:30 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/06/25 10:20:30 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/06/25 10:20:30 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/06/25 10:20:30 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/06/25 10:20:30 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/06/25 10:20:30 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/06/25 10:20:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/06/25 10:19:55 | 000,000,083 | ---- | C] () -- C:\WINDOWS\EPSP1400.ini
[2007/06/22 12:57:44 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/22 12:32:53 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2007/06/22 11:23:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/12 02:23:24 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/12 02:18:00 | 000,019,959 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/06/12 02:18:00 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/06/12 02:17:51 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/06/12 02:04:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/12 02:00:58 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/11 21:20:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/11 21:19:33 | 001,652,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/09/24 12:37:00 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/08/11 22:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 22:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 22:43:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/11 22:43:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 22:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/11 22:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 22:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 22:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/11 22:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/11 22:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/18 07:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/03/03 19:04:38 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\qscl.dll
[2006/02/28 06:00:00 | 000,503,110 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,088,508 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/03/30 12:29:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\msvos.dll
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/03/16 18:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000091.DLL

========== LOP Check ==========

[2008/10/17 12:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/07/12 02:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/04/03 13:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/02/12 19:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/12/07 04:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2008/07/02 06:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2012/01/24 22:26:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/12/29 16:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2007/06/25 11:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/06/10 00:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2012/01/24 20:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/01/24 22:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/06/18 17:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/05/09 01:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2012/01/24 00:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008/12/25 04:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2010/05/18 02:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/08/26 21:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2008/11/09 01:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/03/26 07:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/24 23:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/05/27 02:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2010/05/27 02:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2010/06/10 21:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/07/20 04:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/06/16 17:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/01/30 06:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/11/08 17:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 23:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 00:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/12 02:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ableton
[2010/04/03 13:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\acccore
[2009/08/30 20:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Acoustica
[2010/02/12 19:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Autodesk
[2009/09/27 15:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Aventail
[2010/06/10 04:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\AviDvdBurner
[2012/01/05 06:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\BitTorrent
[2009/04/09 15:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Bump Technologies, Inc
[2007/08/27 03:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\com.miieditor.MiiEditor
[2011/03/07 23:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\DDMSettings
[2007/12/17 22:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Eltima Software
[2010/03/30 16:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Facebook
[2008/10/25 00:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GConvert
[2007/07/05 10:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GeoVid
[2010/01/28 21:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GetRightToGo
[2010/02/04 17:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GlarySoft
[2009/10/01 20:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\gtk-2.0
[2008/12/29 17:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ImgBurn
[2010/11/02 22:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\kompozer.net
[2007/06/25 10:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2008/12/24 15:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\LimeWire
[2011/05/31 13:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\LolClient
[2010/02/22 22:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mael
[2007/06/29 23:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Moyea
[2009/06/18 17:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NCH Swift Sound
[2010/03/31 02:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\OpenOffice.org
[2009/05/09 01:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PACE Anti-Piracy
[2010/05/18 02:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Publish Providers
[2008/07/06 17:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Recordpad
[2008/12/24 20:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\River Past G5
[2010/05/18 02:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Sony
[2011/02/28 22:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SynthMaker
[2010/06/10 21:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vso
[2012/01/26 01:54:46 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 1329 bytes -> C:\Documents and Settings\Matt\Local Settings\Application Data\nXfF5Lhp5DL:X64psVF3DJ5ANo0AocHZOvY
@Alternate Data Stream - 1263 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:NQ0etMVuYRsOhuGSA
@Alternate Data Stream - 1123 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:9ITOI0pO1QIPjiMMeA9
@Alternate Data Stream - 1123 bytes -> C:Documents and SettingsAll UsersApplication DataMicrosoft:9ITOI0pO1QIPjiMMeA9

< End of report >

NEW OTL REPORT

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version= deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\DownloadInformation\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} not found.
C:\WINDOWS\kgt2k.INI moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\xml\schemas folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\xml\misc folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\xml\data folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\xml folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\themes\windows_theme folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\themes\other_theme folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\themes\limewire_theme folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\themes\classic_theme folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\themes\black_theme folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\themes folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\promotion folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\certificate folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\.NetworkShare\Incomplete folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\Matt\Application Data\LimeWire folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 69612 bytes
->Temporary Internet Files folder emptied: 2773131186 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3955 bytes

User: Matt
->Temp folder emptied: 2642313 bytes
->Temporary Internet Files folder emptied: 103522 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54362791 bytes
->Flash cache emptied: 10496387 bytes

User: NetworkService
->Temp folder emptied: 1254046 bytes
->Temporary Internet Files folder emptied: 416812830 bytes
->Java cache emptied: 320086 bytes
->Flash cache emptied: 12329 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 5528492 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 183983 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 184966294 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 5144569 bytes
RecycleBin emptied: 1113001316 bytes

Total Files Cleaned = 4,359.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01272012_044201

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



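Two items in these logs deserve more than a glance. OTL's Alternate Data Streams section lists four streams with random names attached to folders under Application Data, and only the TEMP:8CE646EE one was removed by the fix run. The ComboFix report (reposted in full in the next reply) shows in its Supplementary Scan that both network adapters are set to use 93.188.165.186 and 93.188.166.24 as DNS servers; those addresses sit in 93.188.160.0/21, one of the rogue-resolver ranges the FBI published for DNSChanger. The script below is an added example, not part of this thread and not code from OTL or ComboFix: run over a saved OTL.Txt or ComboFix.txt, it extracts those two line types and flags what should be examined. EXPECTED_DNS, the Zone.Identifier sample line and the 192.168.1.1 adapter line are assumptions constructed to show the clean case; the rogue ranges are the FBI's published list as recalled here and should be checked against it.

```python
"""Triage helper for OTL and ComboFix text logs.

Added example for this thread, not code from OTL or ComboFix. It extracts two
line types and flags the entries a responder should look at:

  OTL       "@Alternate Data Stream - <n> bytes -> <path>:<stream>"
  ComboFix  "TCP: {<adapter GUID>} = <dns1>,<dns2>"

EXPECTED_DNS is an assumption standing in for the resolvers the machine should
be using (the router or the ISP); set it per network.
"""
import ipaddress
import re

ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
DNS_RE = re.compile(r"^TCP: \{([0-9A-Fa-f-]+)\} = ([0-9.,]+)$")

# Stream names Windows, browsers and Office create on their own; anything else
# (random names, streams on folders under Application Data) is worth a look.
BENIGN_STREAMS = {"Zone.Identifier", "encryptable", "SummaryInformation"}

# Assumed "should be" resolvers for the example network.
EXPECTED_DNS = {"192.168.1.1"}

# Rogue-resolver ranges published by the FBI for DNSChanger (Rove Digital) in
# its 2011 advisory, as recalled here; verify against the published list.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]


def parse_ads(lines):
    """Yield (size, path, stream) for every OTL ADS line."""
    for line in lines:
        m = ADS_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)


def suspicious_ads(lines):
    """ADS entries whose stream name is not a known benign one.

    In the OTL report this catches the random-named streams parked on folders
    (data a plain directory listing never shows) and skips download markers.
    """
    return [(path, stream, size) for size, path, stream in parse_ads(lines)
            if stream not in BENIGN_STREAMS]


def parse_dns(lines):
    """Return {adapter GUID: [resolver, ...]} from ComboFix TCP: lines."""
    out = {}
    for line in lines:
        m = DNS_RE.match(line.strip())
        if m:
            out[m.group(1)] = [ip for ip in m.group(2).split(",") if ip]
    return out


def in_rogue_range(ip):
    """True if the resolver address falls inside a known rogue range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ROGUE_DNS_RANGES)


def suspicious_dns(lines, expected=EXPECTED_DNS):
    """Resolvers other than the expected ones, as (GUID, ip, reason)."""
    findings = []
    for guid, servers in parse_dns(lines).items():
        for ip in servers:
            if ip in expected:
                continue
            reason = "DNSChanger rogue range" if in_rogue_range(ip) else "unexpected resolver"
            findings.append((guid, ip, reason))
    return findings


# Sample input, constructed for this example: the first two ADS lines and the
# first TCP: line mirror the thread's reports; the Zone.Identifier line and the
# 192.168.1.1 adapter are made up to show the clean case.
SAMPLE_LOG = r"""
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 1329 bytes -> C:\Documents and Settings\Matt\Local Settings\Application Data\nXfF5Lhp5DL:X64psVF3DJ5ANo0AocHZOvY
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Matt\Desktop\setup.exe:Zone.Identifier
TCP: {4F24985C-D5D2-4C42-B27F-8D757EDBA6B8} = 93.188.165.186,93.188.166.24
TCP: {C10AFB3A-9022-4773-8304-CBF544826B0E} = 192.168.1.1
""".strip().splitlines()

if __name__ == "__main__":
    for path, stream, size in suspicious_ads(SAMPLE_LOG):
        print(f"ADS  {size:>5} bytes  {path}:{stream}")
    for guid, ip, reason in suspicious_dns(SAMPLE_LOG):
        print(f"DNS  {ip:<15}  {reason}  (adapter {guid})")
```

To triage a full report, replace SAMPLE_LOG with the saved file's lines (open(path).read().splitlines()). The script only reads; clearing the streams and resetting the adapters' DNS servers to the router or ISP values is a separate step.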
#15 nomoretubesforme

Posted 27 January 2012 - 05:57 PM

Ah, sorry, the ComboFix report got cut off. Here's the whole thing.

ComboFix 10-02-03.04 - Matt 02/03/2010 17:30:26.1.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1724 [GMT -6:00]
Running from: c:\documents and settings\Matt\Desktop\antivirus tools\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\documents and settings\Matt\Application Data\AntiVirus Plus
c:\documents and settings\Matt\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll
c:\documents and settings\Matt\Application Data\avp.ico
c:\documents and settings\Matt\Application Data\Install.dat
c:\documents and settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk
c:\documents and settings\Matt\Application Data\SystemProc
c:\documents and settings\Matt\Application Data\SystemProc\lsass.exe
c:\documents and settings\Matt\Desktop\AntiVirus Plus.lnk
c:\documents and settings\Matt\Start Menu\Programs\AntiVirus Plus
c:\documents and settings\Matt\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk
c:\documents and settings\Matt\Start Menu\Programs\AntiVirus Plus\EULA.url
c:\documents and settings\Matt\Start Menu\Programs\AntiVirus Plus\Uninstall.lnk
c:\documents and settings\Matt\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\windows\764.exe
c:\windows\aconti.exe
c:\windows\EventSystem.log
c:\windows\system32\awtrqqn.dll
c:\windows\system32\din.ip
c:\windows\system32\drivers\bg_bg.gif
c:\windows\system32\drivers\blank.gif
c:\windows\system32\drivers\box_1.gif
c:\windows\system32\drivers\box_2.gif
c:\windows\system32\drivers\box_3.gif
c:\windows\system32\drivers\button_buynow.gif
c:\windows\system32\drivers\button_freescan.gif
c:\windows\system32\drivers\cell_bg.gif
c:\windows\system32\drivers\cell_footer.gif
c:\windows\system32\drivers\cell_header_block.gif
c:\windows\system32\drivers\cell_header_remove.gif
c:\windows\system32\drivers\cell_header_scan.gif
c:\windows\system32\drivers\close_ico.gif
c:\windows\system32\drivers\detect.htm
c:\windows\system32\drivers\download_box.gif
c:\windows\system32\drivers\download_btn.jpg
c:\windows\system32\drivers\download_now_btn.gif
c:\windows\system32\drivers\footer_back.jpg
c:\windows\system32\drivers\header_1.gif
c:\windows\system32\drivers\header_2.gif
c:\windows\system32\drivers\header_3.gif
c:\windows\system32\drivers\header_4.gif
c:\windows\system32\drivers\header_red_bg.gif
c:\windows\system32\drivers\header_red_free_scan.gif
c:\windows\system32\drivers\header_red_free_scan_bg.gif
c:\windows\system32\drivers\header_red_protect_your_pc.gif
c:\windows\system32\drivers\icon_warning_big.gif
c:\windows\system32\drivers\infected.gif
c:\windows\system32\drivers\main_back.gif
c:\windows\system32\drivers\perfect_cleaner_box.jpg
c:\windows\system32\drivers\product_1_header.gif
c:\windows\system32\drivers\product_1_name_small.gif
c:\windows\system32\drivers\product_2_header.gif
c:\windows\system32\drivers\product_2_name_small.gif
c:\windows\system32\drivers\product_3_header.gif
c:\windows\system32\drivers\product_3_name_small.gif
c:\windows\system32\drivers\product_features.gif
c:\windows\system32\drivers\pt.htm
c:\windows\system32\drivers\rating.gif
c:\windows\system32\drivers\remove_spyware_header.gif
c:\windows\system32\drivers\s_detect.htm
c:\windows\system32\drivers\screenshot.jpg
c:\windows\system32\drivers\sep_hor.gif
c:\windows\system32\drivers\sep_vert.gif
c:\windows\system32\drivers\shadow.jpg
c:\windows\system32\drivers\shadow_bg.gif
c:\windows\system32\drivers\spacer.gif
c:\windows\system32\drivers\spy_away_box.jpg
c:\windows\system32\drivers\spyware_detected.gif
c:\windows\system32\drivers\star.gif
c:\windows\system32\drivers\star_gray.gif
c:\windows\system32\drivers\star_gray_small.gif
c:\windows\system32\drivers\star_small.gif
c:\windows\system32\drivers\style.css
c:\windows\system32\drivers\v.gif
c:\windows\system32\drivers\warning_ico.gif
c:\windows\system32\drivers\warning_icon.gif
c:\windows\system32\drivers\win_logo.gif
c:\windows\system32\drivers\x.gif
c:\windows\system32\drivers\yellow_warning_ico.gif
c:\windows\system32\ESHOPEE.exe
c:\windows\system32\gtv_sd.bin
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\spool\prtprocs\w32x86\00007e91.tmp
c:\windows\system32\stfv.bin
c:\windows\system32\sznf.ascii
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------Legacy_6TO4
-------Service_6to4


((((((((((((((((((((((((( Files Created from 2010-01-03 to 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-02-03 23:15 . 2010-02-03 23:15 -------- d-----w- c:\windows\LastGood
2010-02-03 23:08 . 2008-04-14 11:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-02-03 22:59 . 2010-02-03 23:12 -------- d-----w- c:\windows\NV8441432.TMP
2010-02-03 22:55 . 2008-04-14 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-02-03 22:55 . 2008-04-14 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-02-03 22:55 . 2008-04-14 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-02-03 22:55 . 2008-04-14 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-02-03 16:46 . 2010-02-03 16:46 -------- d-----w- c:\windows\NLDRV
2010-02-02 00:06 . 2010-02-02 00:06 42496 ----a-w- C:\kkalf.exe
2010-02-02 00:06 . 2010-02-02 00:06 39424 ----a-w- C:\yfoku.exe
2010-01-30 11:22 . 2010-01-30 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-01-29 03:50 . 2010-01-29 09:03 -------- d-----w- c:\program files\Microsoft Works
2010-01-29 03:49 . 2010-01-29 03:49 -------- d-----w- c:\program files\Microsoft.NET
2010-01-29 03:46 . 2010-01-29 03:46 -------- d-----r- C:\MSOCache
2010-01-25 09:03 . 2010-01-25 09:03 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-01-25 03:30 . 2010-01-25 03:30 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Microsoft Help
2010-01-25 03:30 . 2010-01-30 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-20 05:03 . 2010-01-20 05:03 -------- d-----w- c:\windows\Adobe Illustrator CS
2010-01-05 17:23 . 2010-01-05 17:23 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2010-01-05 17:22 . 2010-01-05 17:22 217128 ----a-w- c:\windows\system32\drivers\Si3132r5.sys
2010-01-05 17:22 . 2010-01-05 17:22 80424 ----a-w- c:\windows\system32\drivers\si3132.sys
2010-01-05 17:22 . 2010-01-05 17:22 990208 ----a-w- c:\windows\system32\syssetup.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 23:41 . 2007-06-25 16:51 13712 ----a-w- c:\windows\system32\tablet.dat
2010-02-03 23:17 . 2007-06-15 17:52 88504 ----a-w- c:\documents and settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-03 23:06 . 2007-06-12 08:00 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-01 22:46 . 2007-06-25 16:45 -------- d-----w- c:\program files\KaZaA
2010-02-01 19:20 . 2008-01-24 07:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-29 03:56 . 2007-08-21 05:59 -------- d-----w- c:\documents and settings\Matt\Application Data\GetRightToGo
2010-01-24 09:02 . 2009-09-23 02:09 41068 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-20 05:06 . 2007-06-26 04:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-20 05:05 . 2007-06-12 08:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-14 17:12 . 2009-10-05 06:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-30 22:20 . 2007-06-28 19:03 -------- d-----w- c:\documents and settings\Matt\Application Data\BitTorrent
2009-12-25 09:51 . 2009-12-25 09:29 -------- d-----w- c:\program files\Starcraft
2009-12-24 13:52 . 2009-12-24 13:52 -------- d-----w- c:\program files\BitTorrent
2009-12-18 02:47 . 2009-12-18 02:47 -------- d-----w- c:\program files\Total Video Converter
2009-12-17 13:31 . 2009-12-17 13:14 -------- d-----w- c:\program files\FreeTime
2009-12-17 11:32 . 2007-06-25 16:55 -------- d-----w- c:\documents and settings\Matt\Application Data\Apple Computer
2009-12-17 11:22 . 2007-07-12 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-07 10:43 . 2007-09-06 06:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-07 10:34 . 2009-09-27 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Aventail
2009-12-07 04:23 . 2009-12-07 04:20 118870 ----a-w- c:\windows\hpoins30.dat
2009-12-07 04:21 . 2009-12-07 04:21 -------- d-----w- c:\program files\Common Files\HP
2009-12-07 04:21 . 2009-12-07 04:21 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-12-07 04:21 . 2009-12-07 04:21 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-07 04:21 . 2009-12-07 04:21 -------- d-----w- c:\program files\HP
2009-11-19 17:48 . 2009-12-01 09:58 872960 ----a-w- c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 17:48 . 2009-12-01 09:58 43008 ----a-w- c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 17:48 . 2009-12-01 09:58 340480 ----a-w- c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 17:48 . 2009-12-01 09:58 346624 ----a-w- c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\404f9srs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
.

------- Sigcheck -------

[-] 2010-01-05 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-10-28 257440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-06-14 1282048]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-25 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2007-6-25 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 20:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\ScanSoft\PaperPort\NAVBrowser.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"=
"c:\WINDOWS\system32\dpnsvr.exe"=
"c:\Program Files\BitTorrent\bittorrent.exe"=
"c:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"=
"c:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\WINDOWS\system32\sol.exe"=
"c:\Program Files\WiFiConnector\NintendoWFCReg.exe"=
"c:\Program Files\Java\jre6\bin\java.exe"=
"c:\Program Files\AVG\AVG8\avgupd.exe"=
"c:\Program Files\AVG\AVG8\avgnsx.exe"=
"c:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/20/2009 1:43 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/20/2009 1:43 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/20/2009 1:43 PM 297752]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/29/2008 4:41 PM 717296]
S3 Moucaersrhms;Moucaersrhms; [x]
S3 ndismgr;ndismgr;\??\c:\windows\system32\ndismgr.sys --> c:\windows\system32\ndismgr.sys [?]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [5/15/2009 1:09 AM 198144]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys --> c:\windows\system32\DRIVERS\ngfilter.sys [?]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys --> c:\windows\system32\DRIVERS\nglog.sys [?]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys --> c:\windows\system32\DRIVERS\ngvpn.sys [?]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys --> c:\windows\system32\DRIVERS\ngwfp.sys [?]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-02-03 c:windowsTasksMP Scheduled Scan.job
- c:program filesWindows DefenderMpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:progra~1MICROS~2Office12EXCEL.EXE/3000
TCP: {4F24985C-D5D2-4C42-B27F-8D757EDBA6B8} = 93.188.165.186,93.188.166.24
TCP: {C10AFB3A-9022-4773-8304-CBF544826B0E} = 93.188.165.186,93.188.166.24
FF - ProfilePath - c:documents and settingsMattApplication DataMozillaFirefoxProfiles404f9srs.default
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:documents and settingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensions{3112ca9c-de6d-4884-a869-9855de68056c}componentsfrozen.dll
FF - component: c:program filesAVGAVG8Firefoxcomponentsavgssff.dll
FF - plugin: c:documents and settingsMattApplication DataMozillaFirefoxProfiles404f9srs.defaultextensionsmoveplayer@movenetworks.complatformWINNT_x86-msvcpluginsnpmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - c:\windows\system32\awtrqqn.dll
BHO-{AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - (no file)
BHO-{C2B5AAB8-2183-4be7-81A6-F11493C45872} - c:\documents and settings\Matt\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll
HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\Matt\Application Data\SystemProc\lsass.exe
ShellExecuteHooks-{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - c:\windows\system32\awtrqqn.dll
Notify-awtrqqn - awtrqqn.dll
AddRemove-Adobe SVG Viewer - c:\program files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe
AddRemove-AntiVirus Plus - c:\documents and settings\Matt\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll
AddRemove-FBX Plugin 2009.0 for Max 2009 - c:\program files\Autodesk\FBX\FbxPlugins\2009.0\Max2009\Uninstall.exe
AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe
AddRemove-SystemRequirementsLab - c:\program files\SystemRequirementsLab\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 17:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\Matt\Application Data\SystemProc\lsass.exe????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3220)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Tablet.exe
c:\windows\System32\wltrysvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\bcmwltry.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-03 17:53:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-03 23:53

Pre-Run: 81,042,378,752 bytes free
Post-Run: 82,241,753,088 bytes free

- - End Of File - - C04C948A986C56676E12DD6423355B3C
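A log like the one above is normally read by eye, and the tells are the same ones a script can check. As an added example that is not from the original post, from ComboFix or from any tool named in this thread, the following Python applies three of those reading checks to sample lines constructed from the posted log: a Windows system file name (here lsass.exe) running from a user profile folder instead of the Windows directory, service and driver entries whose backing file is missing ([x]) or unresolvable ([?]), and per-interface DNS servers that are not in the set the administrator expects. The expected-resolver set (192.168.1.1) is an assumption for the example and stands in for the real network's resolvers.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix's code)."""
import re
from dataclasses import dataclass

# File names that legitimately live only under %windir% (system32 and below).
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "explorer.exe"}
WINDOWS_DIRS = ("c:\\windows\\", "c:\\winnt\\")

# Assumption for the example: the resolvers this network is expected to use.
EXPECTED_DNS = {"192.168.1.1"}

# Drive-letter path ending in a binary extension; lazy so it stops at the first
# .exe/.dll/.sys. '[', ']' and '?' end a path because the log uses them for the
# [date size] brackets and for unresolved "\??\" device paths.
PATH_RE = re.compile(r"([a-z]:\\[^\[\]\?]*?\.(?:exe|dll|sys))", re.IGNORECASE)
# "R1 name;display name;path [date size]" service and driver lines.
SERVICE_RE = re.compile(r"^[RS][0-4]\s+([^;]+);[^;]*;(.*)$")
# "TCP: {interface GUID} = dns1,dns2" lines from the Supplementary Scan.
DNS_RE = re.compile(r"^TCP:\s+\{[0-9A-Fa-f-]+\}\s*=\s*([\d.,]+)")


@dataclass(frozen=True)
class Finding:
    kind: str    # which check fired
    detail: str  # the path, service name or DNS servers that triggered it
    line: str    # the log line, for the reader's reference


def check_masquerade(line):
    """Flag system-named binaries that run from outside the Windows directory."""
    found = []
    for path in PATH_RE.findall(line):
        name = path.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_NAMES and not path.lower().startswith(WINDOWS_DIRS):
            found.append(Finding("system-name-outside-windows", path, line))
    return found


def check_service(line):
    """Flag service/driver entries whose backing file is missing or unresolved."""
    m = SERVICE_RE.match(line)
    if not m:
        return []
    name, rest = m.group(1), m.group(2).strip()
    if rest == "[x]" or rest.endswith("[?]"):
        return [Finding("service-file-missing", name, line)]
    return []


def check_dns(line, expected=frozenset(EXPECTED_DNS)):
    """Flag per-interface DNS servers that are not in the expected set."""
    m = DNS_RE.match(line)
    if not m:
        return []
    servers = [s for s in m.group(1).split(",") if s]
    unexpected = [s for s in servers if s not in expected]
    if unexpected:
        return [Finding("unexpected-dns-server", ",".join(unexpected), line)]
    return []


def triage(lines):
    """Run every check over every non-empty line; findings come back in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line:
            findings.extend(check_masquerade(line))
            findings.extend(check_service(line))
            findings.extend(check_dns(line))
    return findings


def summarize(findings):
    """Count findings per check so a glance shows what needs attention."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Sample input constructed from entries in the log posted above.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/20/2009 1:43 PM 335240]
S3 Moucaersrhms;Moucaersrhms; [x]
S3 ndismgr;ndismgr;\??\c:\windows\system32\ndismgr.sys --> c:\windows\system32\ndismgr.sys [?]
TCP: {4F24985C-D5D2-4C42-B27F-8D757EDBA6B8} = 93.188.165.186,93.188.166.24
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\Matt\Application Data\SystemProc\lsass.exe
c:\windows\system32\lsass.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:28} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample lines the script reports the lsass.exe copy under Application Data, the two driver entries with no file behind them, and both DNS servers on the interface; the genuine c:\windows\system32\lsass.exe and the AVG driver pass. The DNS check is only as good as the expected set it is given, which is why that set is a parameter rather than something the script guesses.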

#16 Satchfan

Satchfan

    Member

  • Trusted Malware Techs
  • 135 posts
  • Gender:Female
  • Location:Devon, UK


Posted 28 January 2012 - 05:34 AM

Hi nomoretubesforme

P2P - I see you have P2P software, (BitTorrent, KaZaA), on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infection. If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall any that are installed now. You can do so via Start > Settings > Control Panel > Add/Remove Programs.

Should you decide to keep them, please don’t use them until we have finished up here.

===================================================

Ask Toolbar

Uninstall Ask Toolbar if it was not installed on purpose. See this:

See http://www.benedelma...e/ask-toolbars/ for more info.

If you choose to follow my recommendation then please uninstall the following programs if present:

AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):

C:\Program Files\AskBarDis or anything related to Ask.

===================================================

Open ComboFix

Please do the following:
  • close any open browsers.
  • close/disable all anti virus and anti malware programs so that they do not interfere with the running of ComboFix.
  • open notepad and copy/paste the text in the codebox below into it:
File::
C:\kkalf.exe
C:\yfoku.exe
c:\windows\system32\ndismgr.sys

Driver::
Moucaersrhms
ndismgr

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it produces a log at C:\ComboFix.txt. Post the contents of Combofix.txt in your next reply.

===================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:
  • start Malwarebytes-Anti-Malware and update it, (“Update” tab)
  • once it is updated, click on “Scanner” tab, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include in the next post:

ComboFix.txt
Mbam.txt


Can you tell me if there are any changes and any current problems.

Thanks

Satchfan

#17 nomoretubesforme

nomoretubesforme

    Member

  • Members
  • 26 posts

Posted 28 January 2012 - 07:56 AM

Hi, I actually have long since stopped using Kazaa, haha. It's only still there as I kept its folder as a base folder for my music. (Or at least I thought the program itself was gone, please correct me if I'm wrong.)

As for the Ask Toolbar, how do I remove this? I looked in the add/remove programs list but did not see it or any other "Ask" software listed.

I was not able to update Malwarebytes as I still cannot connect to the internet. If that is a problem, please let me know and I will update. Please also let me know how to update it without a connection, if this becomes the case.

During running ComboFix, it asked to download or update that security program which allows for safe recovery. I was not able to connect, so I could not, and it alerted me that, because of this, some more severe infections it may find it may not treat. Not sure if this is relevant, but posting that in case. Also because of this, I will post a display message it alerted me to during its scan.

Start of message-

ComboFix - ZeroAccess

You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason that you're unable to connect to the internet after running ComboFix, reboot once and see if that fixes it. If it's not fixed, run ComboFix one more time.

End of message.

Sounds relevant, haha. Combofix is still running, I will post the logs as soon as it's done!

EDIT: It actually also said it found the RootKit, and displayed the message above twice total.

Edited by nomoretubesforme, 28 January 2012 - 08:06 AM.


#18 nomoretubesforme

nomoretubesforme

    Member

  • Members
  • 26 posts

Posted 28 January 2012 - 07:14 PM

I'm running into a bit of a problem. Every time I run ComboFix, it gives me the above messages, but ultimately freezes. The entire computer freezes, not just the program. At one point, I observed the mouse to slow down very harshly, and the frame rate of the mouse to fall harshly before the freeze. Any ideas? :C

#19 Satchfan

Satchfan

    Member

  • Trusted Malware Techs
  • 135 posts
  • Gender:Female
  • Location:Devon, UK


Posted 28 January 2012 - 07:51 PM

Try running ComboFix in safe mode.

#20 nomoretubesforme

nomoretubesforme

    Member

  • Members
  • 26 posts

Posted 29 January 2012 - 02:19 AM

It ran longer in Safe mode, but still ultimately froze up, and never completed a report. It did say that bit about RootKits, though. Is there any way to proceed from there? I could still run Malwarebytes if that will help. Or can combo be run less somehow?



