Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HijackThis not finishing scanning, very slow internet-part 2

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HijackThis not finishing scanning, very slow internet-part 2

Unread postby waldo9 » August 26th, 2009, 7:16 am

Hi there.

This is an update on the following thread:

viewtopic.php?f=11&t=44868

I have followed the instructions and the following is the logfile.
_____________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:06 PM, on 8/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 5276 bytes
waldo9
Active Member
 
Posts: 6
Joined: August 5th, 2009, 1:44 am
Advertisement
Register to Remove

Re: HijackThis not finishing scanning, very slow internet-part 2

Unread postby MWR 3 day Mod » August 30th, 2009, 1:34 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: HijackThis not finishing scanning, very slow internet-part 2

Unread postby Carolyn » August 30th, 2009, 12:19 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.



Step 1

Image
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Step 2

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  1. DDS.txt
  2. Attach.txt
  3. Gmer.txt
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: HijackThis not finishing scanning, very slow internet-part 2

Unread postby waldo9 » August 30th, 2009, 9:31 pm

Hi Carolyn. Thanks for your help.

---------

1. DDS

Of the three links you included, the first didn't work, the second downloads ddr.scr only and the third downloads dds.pif only. I don't know if I should infer from the image you attached that I should have three files...

Anyway, I first downloaded ddr.scr only, then ran it, but it generated one notepad file called ddr.scr that was full of gibberish. I closed that and downloaded scr.pif and then ran ddr.scr again, and got the same result. I did not try to run ddr.pif.

I suspect this is because I might have a script blocker somewhere; I just don't know how I can tell if I do or not, or how to disable it.

2. Gmer

I have not done anything with Gmer yet.

---------

Please advise me on what to do next. Thanks in advance.
waldo9
Active Member
 
Posts: 6
Joined: August 5th, 2009, 1:44 am

Re: HijackThis not finishing scanning, very slow internet-part 2

Unread postby Carolyn » August 31st, 2009, 12:52 pm

Hi,

Instead of DDS, please run the following scan:

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

After the OTL scan, please run GMER as instructed in my previous post. Please reply with the contents of the OTL and GMER logs when available.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: HijackThis not finishing scanning, very slow internet-pa

Unread postby waldo9 » August 31st, 2009, 6:47 pm

Ok, things went smoothly this time thankfully.

-----------------

1. OTL.txt

OTL logfile created on: 9/1/2009 12:25:00 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.21 Mb Total Physical Memory | 90.61 Mb Available Physical Memory | 17.76% Memory free
1.46 Gb Paging File | 0.91 Gb Available in Paging File | 62.10% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.54 Gb Free Space | 4.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WALPC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/01/09 10:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe
PRC - [2009/08/17 19:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 20:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2004/01/12 06:53:30 | 00,360,448 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ZCfgSvc.exe
PRC - [2008/04/14 04:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/01/09 10:12:08 | 00,184,320 | ---- | M] (Intel) -- C:\WINDOWS\System32\1XConfig.exe
PRC - [2006/08/16 07:10:55 | 00,503,808 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/08/17 20:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/04/26 17:02:14 | 00,163,840 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
PRC - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/11/06 08:37:48 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009/08/17 20:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 20:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/01 05:29:06 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/15 17:42:54 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/01 00:22:22 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/02/28 20:48:52 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 19:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2007/09/03 22:20:41 | 00,074,360 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Disabled | Stopped])
SRV - [2009/08/17 20:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 20:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 20:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2004/04/26 17:02:14 | 00,163,840 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2007/03/18 13:36:36 | 01,327,104 | ---- | M] (Macrovision Corporation) -- C:\OrCAD\license_manager\lmgrd.exe -- (Cadence License Manager [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/02/28 21:29:40 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 04:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/04/29 14:29:54 | 00,139,264 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/11/06 08:37:48 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent [Auto | Running])
SRV - [2007/11/06 08:37:56 | 00,734,472 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine [On_Demand | Stopped])
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Disabled | Stopped])
SRV - [2004/01/09 10:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc [Disabled | Stopped])
SRV - [2004/01/09 10:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/03/29 04:42:42 | 00,029,704 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/08/17 20:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2004/02/11 15:34:46 | 00,016,855 | ---- | M] (An Chen Computer Co., Ltd.) -- C:\WINDOWS\System32\Drivers\Achernar.sys -- (Achernar [Boot | Running])
DRV - [2004/10/08 05:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2004/02/11 15:34:50 | 00,021,808 | ---- | M] (An Chen Computer Co., Ltd.) -- C:\WINDOWS\System32\Drivers\Aldebaran.sys -- (Aldebaran [On_Demand | Running])
DRV - [2003/08/21 19:25:52 | 00,094,600 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2009/08/17 20:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/08/17 20:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/08/17 20:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/08/17 20:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/08/17 20:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2003/08/29 05:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
DRV - [2004/04/26 16:31:56 | 01,239,338 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [Boot | Running])
DRV - [2004/04/26 16:15:16 | 00,053,336 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [1996/07/31 18:00:00 | 00,005,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\CVINTDRV.SYS -- (cvintdrv [Auto | Running])
DRV - [2007/10/22 05:33:40 | 00,068,624 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS [Boot | Running])
DRV - [2006/08/16 06:56:50 | 00,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Running])
DRV - [2003/09/22 08:49:48 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/10/02 16:05:22 | 00,055,888 | ---- | M] () -- C:\WINDOWS\System32\Drivers\gpib-at.sys -- (gpib-at [System | Stopped])
DRV - [1996/10/02 16:05:24 | 00,058,704 | ---- | M] () -- C:\WINDOWS\System32\Drivers\gpibatnt.sys -- (gpibatnt [System | Stopped])
DRV - [1996/10/22 14:34:04 | 00,049,008 | ---- | M] () -- C:\WINDOWS\System32\Drivers\gpibclsb.sys -- (gpibclsb [Auto | Stopped])
DRV - [1996/10/02 16:05:20 | 00,025,968 | ---- | M] () -- C:\WINDOWS\System32\Drivers\gpibclsd.sys -- (gpibclsd [Auto | Stopped])
DRV - [1996/10/02 16:05:28 | 00,083,088 | ---- | M] () -- C:\WINDOWS\System32\Drivers\gpibpci.sys -- (gpibpci [Disabled | Stopped])
DRV - [1996/10/02 16:05:26 | 00,056,272 | ---- | M] () -- C:\WINDOWS\System32\Drivers\gpibvxip.sys -- (gpibvxip [Disabled | Stopped])
DRV - [2004/09/29 09:11:42 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/09/29 09:11:46 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/09/29 09:10:16 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2007/02/28 19:46:37 | 00,014,037 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2007/08/15 07:27:18 | 00,009,600 | ---- | M] () -- C:\WINDOWS\System32\Drivers\n558.sys -- (n558 [On_Demand | Running])
DRV - [2002/11/22 20:01:26 | 00,020,096 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [1997/03/27 05:00:00 | 00,321,536 | ---- | M] (National Instruments) -- C:\WINDOWS\System32\drivers\nidaq32k.sys -- (NIDAQ32K [Auto | Running])
DRV - [1997/03/27 05:00:00 | 00,036,864 | ---- | M] (National Instruments) -- C:\WINDOWS\System32\drivers\nissm32k.sys -- (NISSM32K [Auto | Running])
DRV - [2004/02/13 10:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2001/08/23 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/01/09 09:49:52 | 00,010,970 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2000/06/27 11:50:48 | 00,067,584 | ---- | M] (SIEMENS AG) -- C:\WINDOWS\System32\Drivers\S7odpx2x.sys -- (s7odpx2x [Auto | Running])
DRV - [2000/06/27 11:52:12 | 00,169,472 | ---- | M] (SIEMENS AG) -- C:\WINDOWS\System32\Drivers\s7opciax.sys -- (s7opciax [Auto | Stopped])
DRV - [2000/06/27 11:51:42 | 00,206,848 | ---- | M] (SIEMENS AG) -- C:\WINDOWS\System32\Drivers\s7opcmcx.sys -- (s7opcmcx [Auto | Running])
DRV - [2000/06/27 11:50:30 | 00,076,288 | ---- | M] (SIEMENS AG) -- C:\WINDOWS\System32\Drivers\S7oppitx.sys -- (s7oppitx [On_Demand | Stopped])
DRV - [2000/06/27 11:53:12 | 00,173,568 | ---- | M] (SIEMENS AG) -- C:\WINDOWS\System32\Drivers\s7osmcax.sys -- (s7osmcax [Auto | Running])
DRV - [2000/06/27 11:50:12 | 00,274,944 | ---- | M] (SIEMENS AG) -- C:\WINDOWS\System32\Drivers\S7otranx.sys -- (s7otranx [Auto | Running])
DRV - [2007/04/09 16:27:07 | 00,031,548 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 14:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/04/26 14:06:38 | 00,390,784 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\snpstd.sys -- (snpstd [On_Demand | Stopped])
DRV - [2008/11/25 06:25:38 | 00,715,248 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/01/24 15:38:00 | 00,052,384 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2005/01/24 15:38:04 | 00,006,064 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2005/01/24 15:38:04 | 00,084,512 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2004/11/15 15:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
DRV - [2008/12/06 18:35:56 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2004/01/13 02:41:46 | 02,482,176 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w70n51.sys -- (w70n51 [On_Demand | Running])
DRV - [2003/10/27 20:43:36 | 00,120,830 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/10/27 20:43:28 | 00,098,938 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])
DRV - [2003/10/27 20:42:36 | 00,033,847 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\wA301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} [On_Demand | Stopped])
DRV - [2003/10/27 20:42:36 | 00,033,847 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\wA301b.sys -- ({E2B953A7-195A-44F9-9BA3-3D5F4E32BB55} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-343818398-113007714-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-343818398-113007714-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-343818398-113007714-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-343818398-113007714-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-343818398-113007714-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-343818398-113007714-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-343818398-113007714-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-343818398-113007714-1343024091-500\S-1-5-21-343818398-113007714-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-113007714-1343024091-500\S-1-5-21-343818398-113007714-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google UK"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/sport"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:1.8
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.3.0
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.50
FF - prefs.js..extensions.enabledItems: capturefoxmovie@advancity.net:0.3.5.081007b
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {48ff37f0-d672-11db-8314-0800200c9a66}:1.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: {61FD08D8-A2CB-46c0-B36D-3F531AC53C12}:1.3.2008052801
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: remove-new-tab-button@forerunnerdesigns.com:1.0
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:1.4.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..extensions.enabledItems: {d596c130-b00a-11db-abbd-0800200c9a66}:2.080708
FF - prefs.js..keyword.URL: "http://www.google.com/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/08/01 05:30:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/15 02:09:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/16 23:25:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/15 17:43:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/01 05:29:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/08/17 12:57:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2008/08/17 12:57:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/31 05:39:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions
[2009/04/04 19:59:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/07/15 13:44:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/23 17:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/08/28 14:36:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2009/04/04 19:59:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2009/06/23 17:56:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\{48ff37f0-d672-11db-8314-0800200c9a66}
[2008/06/02 03:01:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\{61FD08D8-A2CB-46c0-B36D-3F531AC53C12}
[2009/07/10 16:24:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2009/08/16 23:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/10/13 04:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\{d596c130-b00a-11db-abbd-0800200c9a66}
[2009/07/10 16:24:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/08/10 15:59:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\add-to-searchbox@maltekraus.de
[2009/08/11 20:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\capturefoxmovie@advancity.net
[2009/08/15 19:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\remove-new-tab-button@forerunnerdesigns.com
[2008/12/19 18:05:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ngf2owji.default\extensions\toolbar@alexa.com
[2009/08/25 00:53:42 | 00,001,651 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\ngf2owji.default\searchplugins\alexa.xml
[2009/08/10 16:20:47 | 00,001,766 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\ngf2owji.default\searchplugins\google-uk.xml
[2008/06/22 21:45:53 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\ngf2owji.default\searchplugins\imdb.xml
[2007/10/20 14:07:59 | 00,002,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\ngf2owji.default\searchplugins\mozilla-add-ons.xml
[2008/06/22 21:45:54 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\ngf2owji.default\searchplugins\wikipedia-en.xml
[2008/10/24 15:44:07 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\ngf2owji.default\searchplugins\youtube-video-search.xml
[2009/08/31 05:39:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/15 17:43:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/11/15 06:28:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/15 17:54:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/19 20:14:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/08/15 17:42:48 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/15 17:42:48 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/02/04 23:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2009/08/15 17:43:01 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/08/01 05:29:56 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/03/25 22:15:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/03/25 22:15:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/03/25 22:15:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/03/25 22:15:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/03/25 22:15:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/03/25 22:15:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/03/25 22:15:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/01 05:30:32 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/08/01 05:29:32 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/08/15 17:43:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/15 17:43:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/15 17:43:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/15 17:43:04 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/15 17:43:04 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/15 17:43:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/15 17:43:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (269065 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 http://www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 http://www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 http://www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 9313 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-343818398-113007714-1343024091-500\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-113007714-1343024091-500\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKU\S-1-5-21-343818398-113007714-1343024091-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-343818398-113007714-1343024091-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-113007714-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 47 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 47 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-343818398-113007714-1343024091-500\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKU\S-1-5-21-343818398-113007714-1343024091-500\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll (WIDCOMM, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\system32\LgNotify.dll - C:\WINDOWS\System32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/12 22:36:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{012038e9-2ad7-11dc-abcd-000423a25149}\Shell - "" = AutoRun
O33 - MountPoints2\{012038e9-2ad7-11dc-abcd-000423a25149}\Shell\Auto\command - "" = E:\OSO.exe -- File not found
O33 - MountPoints2\{012038e9-2ad7-11dc-abcd-000423a25149}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3d4eb166-dea7-11db-81c8-000f1fa5163d}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{3d4eb166-dea7-11db-81c8-000f1fa5163d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{42954219-ca79-11dd-ba4c-0010c637a170}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Drive13.exe
O33 - MountPoints2\{42954219-ca79-11dd-ba4c-0010c637a170}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Drive13.exe
O33 - MountPoints2\{450320e6-69c7-11dc-8d5a-000f1fa5163d}\Shell - "" = Autorun
O33 - MountPoints2\{450320e6-69c7-11dc-8d5a-000f1fa5163d}\Shell\AutoRun\command - "" = SSCVIIHOST.exe
O33 - MountPoints2\{450320e6-69c7-11dc-8d5a-000f1fa5163d}\Shell\Open\command - "" = SSCVIIHOST.exe
O33 - MountPoints2\{4640e8ef-fb40-11db-81e7-000f1fa5163d}\Shell\AutoRun\command - "" = E:\.\Recycled\Desktop.exe -- File not found
O33 - MountPoints2\{4640e8ef-fb40-11db-81e7-000f1fa5163d}\Shell\Open\Command - "" = E:\.\Recycled\Desktop.exe -- File not found
O33 - MountPoints2\{edbc92a0-6f1d-11dd-ba23-0010c637a170}\Shell\AutoRun\command - "" = nplrssy.exe
O33 - MountPoints2\{edbc92a0-6f1d-11dd-ba23-0010c637a170}\Shell\explore\Command - "" = nplrssy.exe
O33 - MountPoints2\{edbc92a0-6f1d-11dd-ba23-0010c637a170}\Shell\open\Command - "" = nplrssy.exe
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/09/01 00:21:58 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/08/31 04:41:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/08/26 15:10:07 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\WalHJTexecutable.exe
[2009/08/25 18:25:24 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/08/25 18:25:06 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/08/19 23:44:55 | 03,462,061 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PI_UGCatalog08-09.pdf
[2009/08/18 16:55:13 | 00,162,845 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Orientation Program 2009.docx
[2009/08/18 12:57:16 | 12,936,856 | ---- | C] (Alcohol Soft Development Team) -- C:\Documents and Settings\Administrator\Desktop\Alcohol120_trial_1.9.8.7612.exe
[2009/08/16 14:43:16 | 01,242,538 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MASDAR MALE VILLA MAP.jpg
[2009/08/16 02:59:46 | 00,142,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Wal - Student Visa Info Form.doc
[2009/08/16 02:58:52 | 03,911,854 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Wal - MASDAR documents.pdf
[2009/08/13 09:44:03 | 00,044,309 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Info Masdar immigration.jpg
[2009/08/12 21:25:16 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/12 21:24:46 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/10 19:10:41 | 16,659,159 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 9 of 9.mp4
[2009/08/10 19:10:16 | 30,208,643 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 8 of 9.mp4
[2009/08/10 19:09:41 | 36,770,923 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 7 of 9.mp4
[2009/08/10 19:08:53 | 32,010,410 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 6 of 9.mp4
[2009/08/10 19:07:52 | 25,204,723 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 5 of 9.mp4
[2009/08/10 18:51:05 | 34,166,393 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 4 of 9.mp4
[2009/08/10 18:46:18 | 38,930,313 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 3 of 9.mp4
[2009/08/10 18:45:46 | 42,530,025 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 2 of 9.mp4
[2009/08/10 18:44:34 | 42,522,707 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 1 of 9.mp4
[2009/08/10 17:43:18 | 00,116,926 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FAQ for Fall 2009 V6.pdf
[2009/08/10 17:25:49 | 00,959,161 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\STUDENT_ORIENT_GUIDE_FINAL.pdf
[2009/08/05 09:02:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2009/08/04 00:06:59 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/04 00:06:33 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/29 18:15:10 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/02/18 02:29:59 | 02,246,163 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/02/18 02:29:58 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/02/18 02:29:58 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/18 02:29:58 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/18 02:29:43 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/18 02:29:43 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/31 17:04:42 | 00,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/06 18:37:12 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/11/25 08:34:51 | 00,000,146 | ---- | C] () -- C:\WINDOWS\capture.INI
[2008/11/25 06:25:36 | 00,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/18 22:16:42 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\cp551inf.dll
[2008/09/18 21:58:42 | 00,000,403 | ---- | C] () -- C:\WINDOWS\Microwin.ini
[2008/04/29 22:05:20 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/04/29 22:05:20 | 00,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2008/04/29 22:05:16 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/04/09 20:50:58 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2008/04/09 20:22:50 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2008/04/09 20:22:49 | 00,106,496 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2008/04/09 20:22:48 | 00,081,920 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2008/04/09 20:22:46 | 00,057,344 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2008/04/01 20:12:14 | 00,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2008/04/01 20:12:13 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2008/04/01 20:12:03 | 00,390,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2008/04/01 20:11:54 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2008/04/01 20:11:53 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2008/04/01 20:11:52 | 00,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[2008/02/12 22:38:48 | 00,005,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\CVINTDRV.SYS
[2008/02/12 22:38:29 | 00,000,113 | ---- | C] () -- C:\WINDOWS\cviinst.ini
[2008/02/12 21:22:06 | 00,083,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\gpibpci.sys
[2008/02/12 21:22:06 | 00,056,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\gpibvxip.sys
[2008/02/12 21:22:06 | 00,049,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\gpibclsb.sys
[2008/02/12 21:22:06 | 00,025,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\gpibclsd.sys
[2008/02/12 21:22:05 | 00,058,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\gpibatnt.sys
[2008/02/12 21:22:05 | 00,055,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\gpib-at.sys
[2008/02/12 21:21:59 | 00,381,200 | ---- | C] () -- C:\WINDOWS\System32\gpib-32.dll
[2008/02/12 21:21:59 | 00,012,480 | ---- | C] () -- C:\WINDOWS\System32\gpib.dll
[2008/02/12 21:21:58 | 00,023,312 | ---- | C] () -- C:\WINDOWS\System32\gpib-vdd.dll
[2007/12/14 02:04:59 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/16 22:30:29 | 00,000,156 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007/08/15 07:27:18 | 00,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/05/23 15:54:09 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/05/23 15:53:08 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/04/03 22:07:49 | 00,251,904 | ---- | C] () -- C:\WINDOWS\System32\orant71.dll
[2007/04/03 22:07:45 | 00,903,168 | ---- | C] () -- C:\WINDOWS\System32\mitmdl30.dll
[2007/02/28 22:08:08 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/02/28 21:56:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/02/28 21:55:33 | 00,000,234 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/28 21:41:12 | 00,006,530 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI
[2007/02/28 21:41:08 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[2007/02/28 21:41:08 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[2007/02/28 21:41:08 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[2007/02/28 21:41:08 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[2007/02/28 21:41:08 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[2007/02/28 21:41:08 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[2007/02/28 21:41:08 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[2007/02/28 21:41:08 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[2007/02/28 21:41:08 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[2007/02/28 21:41:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[2007/02/28 21:41:08 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[2007/02/28 21:41:08 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[2007/02/28 21:41:08 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[2007/02/28 21:41:08 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2007/02/28 21:41:08 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[2007/02/28 21:41:08 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[2007/02/28 21:16:56 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/02/28 20:21:51 | 00,000,785 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/28 19:43:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/04/26 16:53:42 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/01/09 10:10:48 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/09/10 02:17:24 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/09/10 02:17:24 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 23:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/02/27 10:41:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/11/23 18:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 16:00:00 | 00,001,187 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 16:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files]
[2009/09/01 00:22:22 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/08/31 23:17:02 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily FY04.job
[2009/08/31 20:03:04 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2009/08/31 20:03:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/30 04:49:44 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/08/30 04:46:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/30 04:46:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/28 17:43:20 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/08/26 14:53:57 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\WalHJTexecutable.exe
[2009/08/25 18:25:24 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/08/25 18:25:08 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/08/25 00:55:37 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/19 23:43:32 | 00,218,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/18 16:55:16 | 00,162,845 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Orientation Program 2009.docx
[2009/08/18 13:00:17 | 12,936,856 | ---- | M] (Alcohol Soft Development Team) -- C:\Documents and Settings\Administrator\Desktop\Alcohol120_trial_1.9.8.7612.exe
[2009/08/17 20:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 20:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 20:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 20:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 20:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 20:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 20:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 20:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 20:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/16 14:43:29 | 01,242,538 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MASDAR MALE VILLA MAP.jpg
[2009/08/16 03:04:52 | 03,911,854 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Wal - MASDAR documents.pdf
[2009/08/16 02:59:53 | 00,142,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Wal - Student Visa Info Form.doc
[2009/08/13 09:44:29 | 00,044,309 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Info Masdar immigration.jpg
[2009/08/13 03:14:39 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/12 18:32:26 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/12 18:12:16 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\afi 400.doc
[2009/08/11 12:34:05 | 00,002,405 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PerfectDisk 8.0.lnk
[2009/08/10 19:32:34 | 36,770,923 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 7 of 9.mp4
[2009/08/10 19:29:09 | 32,010,410 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 6 of 9.mp4
[2009/08/10 19:27:30 | 30,208,643 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 8 of 9.mp4
[2009/08/10 19:21:58 | 16,659,159 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 9 of 9.mp4
[2009/08/10 19:21:51 | 25,204,723 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 5 of 9.mp4
[2009/08/10 19:08:08 | 34,166,393 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 4 of 9.mp4
[2009/08/10 19:07:35 | 42,530,025 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 2 of 9.mp4
[2009/08/10 19:06:39 | 38,930,313 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 3 of 9.mp4
[2009/08/10 19:03:29 | 42,522,707 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Man with a Movie Camera 1 of 9.mp4
[2009/08/10 17:43:22 | 00,116,926 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FAQ for Fall 2009 V6.pdf
[2009/08/10 17:26:08 | 00,959,161 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\STUDENT_ORIENT_GUIDE_FINAL.pdf
[2009/08/05 13:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 13:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/04 01:38:55 | 00,008,990 | ---- | M] () -- C:\WINDOWS\hh.dat
[2009/08/04 00:07:09 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

-----------------

2. Extra.txt

OTL Extras logfile created on: 9/1/2009 12:25:00 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.21 Mb Total Physical Memory | 90.61 Mb Available Physical Memory | 17.76% Memory free
1.46 Gb Paging File | 0.91 Gb Available in Paging File | 62.10% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.54 Gb Free Space | 4.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WALPC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-343818398-113007714-1343024091-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = AutoCADScriptFile] -- C:\WINDOWS\notepad.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\MATLAB7\bin\win32\MATLAB.exe" = C:\MATLAB7\bin\win32\MATLAB.exe:*:Enabled:MATLAB -- (The MathWorks Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" = C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic -- (mpc-hc@Sourceforge)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\12Voip.com\12Voip\12Voip.exe" = C:\Program Files\12Voip.com\12Voip\12Voip.exe:*:Enabled:12Voip -- (12Voip)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B9E27C7-9ECD-4362-B311-030EA48F8E72}" = Crystal XI
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1E460998-5C2C-4ACF-A9AA-3629BD9C06C2}" = Samsung PC Studio
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{2C351DB8-E088-41A2-9BF0-113727FBB697}" = Intel(R) PROSet
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = USB PC Camera (SN9C101)
"{5783F2D7-0301-0409-0002-0060B0CE6BBA}" = AutoCAD 2005 - English
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Dell Bluetooth Software
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}" = Readiris Pro 8
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B41F81C2-71C5-4848-AFBC-5049FC724584}" = PS8100
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC5FDFC6-D617-11D6-86D3-00055DF3561E}" = Presto! PageManager 7.11
"{BD70D30F-671D-4EF9-9EAD-4995FE463618}" = Tanner Tools Demo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C6E52B1B-9905-469A-B8CD-399FDFA98873}" = MIT MathML Fonts 1.0
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC12B3AC-0A75-4F85-8BC9-89D440BE3846}" = HP Photo and Imaging 2.5 - Scanjet 5590 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE9CAAD2-A4CA-48CC-B0C2-07254867FAD4}" = Cadence License Manager
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F1670367-C07F-411f-A196-79D2C65CBEC0}" = PS8200
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"12Voip_is1" = 12Voip
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Apex Video to MP3 WMA WAV Converter Free_is1" = Apex Video to MP3 WMA WAV Converter Free 4.25
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"avast!" = avast! Antivirus
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"CircuitMaker 6 Student" = CircuitMaker 6 Student
"GoogleVideoPlayer" = Google Video Player
"HijackThis" = HijackThis 2.0.2
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.6.2
"LabVIEWV41" = LabVIEW v4.1
"LV41AAnPack" = LabVIEW 4.1 Advanced Analysis Package
"LVChanWiz41" = NI-DAQ Channel Wizard v4.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MathGV 3.1" = MathGV 3.1
"MatlabR14" = MATLAB Family of Products Release 14
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NI-DAQ" = NI-DAQ 5.0
"NI-VISA" = NI-VISA for Windows 95/NT
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orcad Family Release 9.2 Lite Edition" = Orcad Family Release 9.2 Lite Edition
"PowerISO" = PowerISO
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"PSpice Student" = PSpice Student 9.1
"RealPlayer 6.0" = RealPlayer
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung SCX-4200 Series" = Samsung SCX-4200 Series
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SIMATIC STEP 7-Micro/WIN 32 V3.1.1.6" = SIMATIC STEP 7-Micro/WIN 32 V3.1.1.6
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Switch" = Switch Sound File Converter
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-343818398-113007714-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2009 6:21:22 AM | Computer Name = WALPC | Source = PDEngine | ID = 19
Description = Unable to move file C:\System Volume Information\_restore{4D78493F-FEDE-49C8-9D85-7851A6096346}\RP713\snapshot\_REGISTRY_USER_.DEFAULT
after many attempts. Skipping file.

Error - 8/11/2009 6:26:18 AM | Computer Name = WALPC | Source = PDEngine | ID = 19
Description = Unable to move file C:\WINDOWS\Installer\c5f04be.msp after many attempts.
Skipping file.

Error - 8/11/2009 6:26:20 AM | Computer Name = WALPC | Source = PDEngine | ID = 19
Description = Unable to move file C:\WINDOWS\Installer\542bd.msp after many attempts.
Skipping file.

Error - 8/11/2009 6:26:20 AM | Computer Name = WALPC | Source = PDEngine | ID = 19
Description = Unable to move file C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
after many attempts. Skipping file.

Error - 8/11/2009 6:26:21 AM | Computer Name = WALPC | Source = PDEngine | ID = 19
Description = Unable to move file C:\WINDOWS\Installer\2656930.msp after many attempts.
Skipping file.

Error - 8/11/2009 6:26:53 AM | Computer Name = WALPC | Source = PDEngine | ID = 19
Description = Unable to move file C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
after many attempts. Skipping file.

Error - 8/11/2009 6:26:54 AM | Computer Name = WALPC | Source = PDEngine | ID = 19
Description = Unable to move file C:\WINDOWS\Installer\1507daa5.msp after many attempts.
Skipping file.

Error - 8/11/2009 6:26:54 AM | Computer Name = WALPC | Source = PDEngine | ID = 19
Description = Unable to move file C:\Documents and Settings\Administrator\Local
Settings\Temp\~DF669.tmp after many attempts. Skipping file.

Error - 8/11/2009 6:26:54 AM | Computer Name = WALPC | Source = PDEngine | ID = 19
Description = Unable to move file C:\Documents and Settings\Administrator\Local
Settings\Application Data\Microsoft\Windows Live Contacts\{cbba900d-7322-44a0-b359-77b5d43e3f63}\DBStore\Backup\new\contacts.pat
after many attempts. Skipping file.

Error - 8/11/2009 6:26:55 AM | Computer Name = WALPC | Source = PDEngine | ID = 19
Description = Unable to move file C:\Documents and Settings\Administrator\Local
Settings\Application Data\Microsoft\Windows Live Contacts\{78c0773a-cad6-4594-bad7-37ff3f0f1008}\DBStore\LogFiles\edb00001.log
after many attempts. Skipping file.

[ System Events ]
Error - 8/31/2009 1:45:13 PM | Computer Name = WALPC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/31/2009 1:45:13 PM | Computer Name = WALPC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/31/2009 4:17:19 PM | Computer Name = WALPC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/31/2009 4:17:19 PM | Computer Name = WALPC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/31/2009 4:17:21 PM | Computer Name = WALPC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/31/2009 4:17:21 PM | Computer Name = WALPC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/31/2009 4:19:00 PM | Computer Name = WALPC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/31/2009 4:19:00 PM | Computer Name = WALPC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/31/2009 4:19:49 PM | Computer Name = WALPC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/31/2009 4:19:49 PM | Computer Name = WALPC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >

-----------------

3. Gmer.txt (I went through the no-notice path)

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-09-01 02:14:00
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEF3C66B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEF3C6574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEF3C6A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEF3C614C]
SSDT spof.sys ZwEnumerateKey [0xF8775CA2]
SSDT spof.sys ZwEnumerateValueKey [0xF8776030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEF3C664E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEF3C608C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEF3C60F0]
SSDT spof.sys ZwQueryKey [0xF8776108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEF3C676E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEF3C672E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEF3C68AE]

INT 0x3B ? 8304ABF8
INT 0x3B ? 8304ABF8
INT 0x3B ? 8304ABF8
INT 0x3B ? 8304ABF8
INT 0x3E ? 833DEBF8
INT 0x3F ? 833DEBF8

---- Kernel code sections - GMER 1.0.15 ----

? spof.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F7C9A8AC 5 Bytes JMP 8304A1D8

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2740] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833704B8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F877E6D0] spof.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8782708] spof.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8759046] spof.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8759142] spof.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F87590C4] spof.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F87597CE] spof.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F87596A4] spof.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8304A2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8764D7A] spof.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[748] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[748] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 833DD1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 830491F8
Device \Driver\usbuhci \Device\USBPDO-1 830491F8
Device \Driver\usbuhci \Device\USBPDO-2 830491F8
Device \Driver\usbehci \Device\USBPDO-3 830271F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8336E1F8
Device \Driver\Cdrom \Device\CdRom0 8300F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{AB91E2BC-6FCE-497E-83F6-89AB996C2DEB} 82F41500
Device \Driver\NetBT \Device\NetBt_Wins_Export 82F41500
Device \Driver\NetBT \Device\NetbiosSmb 82F41500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\BTHUSB \Device\00000096 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{25972B7D-3893-49CB-924E-D2F98F2B7641} 82F41500

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\BTHUSB \Device\00000098 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 830491F8
Device \Driver\usbuhci \Device\USBFDO-1 830491F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82EFA500
Device \Driver\usbuhci \Device\USBFDO-2 830491F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82EFA500
Device \Driver\usbehci \Device\USBFDO-3 830271F8
Device \Driver\Ftdisk \Device\FtControl 8336E1F8
Device \FileSystem\Cdfs \Cdfs 82EA4500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0010c637a170
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE9 0x0C 0x41 0xB9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0010c637a170 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE9 0x0C 0x41 0xB9 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar@rar\x200e_auto_file

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles 0 bytes

---- EOF - GMER 1.0.15 ----

-----------------

Thanks.
waldo9
Active Member
 
Posts: 6
Joined: August 5th, 2009, 1:44 am

Re: HijackThis not finishing scanning, very slow internet-part 2

Unread postby Carolyn » September 2nd, 2009, 7:53 am

Hi,

Please update and scan with Malwarebytes' Anti-Malware
  1. Launch Malwarebytes' Anti-Malware, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  2. Select the Scanner tab. Click on Perform quick scan, then click on Scan.
  3. Leave the default options as it is and click on Start Scan.
  4. When done, you will be prompted. Click OK, then click on Show Results.
  5. Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  6. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Next,

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Please post the following in your next reply:
  • The Malwarebytes' log
  • The Kaspersky log
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: HijackThis not finishing scanning, very slow internet-part 2

Unread postby waldo9 » September 4th, 2009, 7:34 am

OK....

------------------------------------------------------

1. Malwarebytes

Malwarebytes' Anti-Malware 1.40
Database version: 2730
Windows 5.1.2600 Service Pack 3

9/2/2009 7:50:02 PM
mbam-log-2009-09-02 (19-50-02).txt

Scan type: Quick Scan
Objects scanned: 98306
Time elapsed: 10 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------

2. Kaspersky

(I didn't remove the viruses; waiting for further instruction...)

KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, September 3, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 02, 2009 19:15:03
Records in database: 2740564


Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 171307
Threats found: 3
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 05:50:32


File name / Threat / Threats count
C:\Documents and Settings\Administrator\My Documents\My Setup Files\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.g 1
C:\Documents and Settings\Administrator\My Documents\My Setup Files\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1
C:\Documents and Settings\Administrator\My Documents\My Setup Files\u94.exe Infected: not-a-virus:NetTool.Win32.UltraSurf.a 1

Selected area has been scanned.
waldo9
Active Member
 
Posts: 6
Joined: August 5th, 2009, 1:44 am

Re: HijackThis not finishing scanning, very slow internet-part 2

Unread postby Carolyn » September 5th, 2009, 5:51 pm

I am not seeing any signs of malware on your computer, but I do recommend that you delete the following files:

C:\Documents and Settings\Administrator\My Documents\My Setup Files\u94.exe
C:\Documents and Settings\Administrator\My Documents\My Setup Files\keyfinder.exe

As for your computer being slow, please follow the steps in the following tutorial

What to do if your Computer is running slowly

Please let me know if those steps have resolved the problem of the computer being slow. Also please let me know of any other computer problems that you may be having.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: HijackThis not finishing scanning, very slow internet-part 2

Unread postby NonSuch » September 27th, 2009, 10:17 pm

Due to a lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 13 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware