Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Multiple virus and malware infections, please help clean up!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Multiple virus and malware infections, please help clean up!

Unread postby Miggy » November 25th, 2009, 3:07 pm

Hi,

Thanks in advance to whomever chooses to help me clear up my nasty computer. Here is my Hikack log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:47 AM, on 11/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Belkin\F5D8053v3011\Belkinwcui.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hiphopsite.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\r6mb6bqh.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053v3011\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZU
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_41.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 6994 bytes
Miggy
Active Member
 
Posts: 6
Joined: November 25th, 2009, 3:02 pm
Advertisement
Register to Remove

Re: Multiple virus and malware infections, please help clean up!

Unread postby askey127 » November 28th, 2009, 7:47 pm

Hi Miggy,
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Power Reg Scheduler

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZU

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
---------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location
      as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple virus and malware infections, please help clean up!

Unread postby Miggy » November 29th, 2009, 4:28 pm

Than you for the help, much appreciated.

Here are the logs:

Extras.txt:

OTL Extras logfile created on: 11/29/2009 12:19:10 PM - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 77.22% Memory free
2.21 Gb Paging File | 1.79 Gb Available in Paging File | 80.99% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 29.02 Gb Free Space | 38.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\XBC\neXBC.exe" = C:\Program Files\XBC\neXBC.exe:*:Enabled:XBConnect -- File not found
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\TiVo\Desktop\TiVoServer.exe" = C:\Program Files\TiVo\Desktop\TiVoServer.exe:*:Enabled:TiVo Server -- (TiVo Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Morpheus\Morpheus.exe" = C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell -- File not found
"C:\Program Files\Eagletron\TrackerCam\EyeWDM.exe" = C:\Program Files\Eagletron\TrackerCam\EyeWDM.exe:*:Enabled:TrackerCam Application -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{080AC7E7-266E-4A84-9FAC-DC8C783FEA54}" = IK Digidesign Bundle
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{28F58CDE-6241-4B11-8232-6A5D4FB06E8B}" = PACE System Files
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{34566374-6C4D-419F-A9E0-8B21CA905FD8}" = ATI Catalyst Control Center
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop
"{5636E517-8100-4E2A-B69E-2B16AFFA2360}" = Sony Sound Forge 8.0d
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 パーサーと SDK
"{78BC10C5-A668-433F-A9DF-954135FE11D2}" = Sonic Foundry ACID 4.0a
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C79B479-0ACE-4DCA-AA6B-5E617C356D72}" = Digidesign Pro Tools® LE 6.4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}" =
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{A99C6296-A311-4D6C-9602-53B4241921D5}" = Roxio Easy Media Creator 7
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C559CCD6-E2B8-4C7B-9791-AB68F382F9C2}" = DirectShow Dump
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{DBCD674C-1751-4548-9005-980F03083187}" = Digidesign Shared Plug-Ins
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
"{E7300AF3-DD5B-4E86-A291-7631BE0C62C7}" = Giganews Accelerator
"{EA560ABB-A9AF-4FB4-B917-3E7A28D76457}" = iAPP CR-e500(CR-i500) Driver and Icon
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}" = InterVideo Disc Master 2.5
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"All ATI Software" = ATI - Software Uninstall Utility
"Android Newsgroup Downloader_is1" = Android Newsgroup Downloader v 6.1
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"BMExtreme" = BMExtreme
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"DivX Content Uploader" = DivX Content Uploader
"Ethereal" = Ethereal 0.99.0
"HijackThis" = HijackThis 2.0.2
"hp instant support" = hp instant support
"hp psc 1200 series_Driver" = hp psc 1200 series
"InfraRecorder" = InfraRecorder
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
"InstantWrite" = InstantWrite
"Java Web Start" = Java Web Start
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatchWare Mediator 7 Std Installation" = MatchWare Mediator 7 Std Installation
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MorpheusToolbar Uninstall" = Morpheus Toolbar
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSN Music Assistant" = MSN Music Assistant
"Netscape (7.1)" = Netscape (7.1)
"Pinnacle Hollywood FX Pack - ATI FX" = Pinnacle Hollywood FX Pack - ATI FX
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"Q903235" = Internet Explorer Q903235
"RealPlayer 12.0" = RealPlayer
"Reason Adapted for Digidesign_is1" = Reason Adapted for Digidesign 2.5
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"Sound Blaster Audigy" = Sound Blaster Audigy
"SoundFont Showcase" = SoundFont Showcase
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Setupdeadfind" = CiD Help

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2009 6:38:03 AM | Computer Name = MAC | Source = Application Error | ID = 1000
Description = Faulting application au_setup11.exe, version 2.0.0.46, faulting module
, version 2.0.0.46, fault address 0x00003871.

Error - 11/24/2009 5:08:42 PM | Computer Name = MAC | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 12.0.0.343, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/25/2009 2:37:13 PM | Computer Name = MAC | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code 00000000. The machine must now be restarted.

Error - 11/28/2009 3:31:57 AM | Computer Name = MAC | Source = Application Error | ID = 1000
Description = Faulting application h5t3c0.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00178f5b.

Error - 11/28/2009 4:39:30 AM | Computer Name = MAC | Source = Application Hang | ID = 1002
Description = Hanging application and.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/28/2009 4:39:30 AM | Computer Name = MAC | Source = Application Hang | ID = 1002
Description = Hanging application and.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/28/2009 7:24:16 AM | Computer Name = MAC | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3646, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/28/2009 8:10:11 AM | Computer Name = MAC | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3646, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/28/2009 8:23:19 AM | Computer Name = MAC | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3646, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/28/2009 8:23:33 AM | Computer Name = MAC | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3646, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/28/2009 2:29:43 PM | Computer Name = MAC | Source = Service Control Manager | ID = 7000
Description = The ATI WDM TV Audio Crossbar service failed to start due to the following
error: %%1058

Error - 11/28/2009 2:29:43 PM | Computer Name = MAC | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized MVD Codec service failed to start due to the
following error: %%1058

Error - 11/28/2009 2:29:43 PM | Computer Name = MAC | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized PCD Codec service failed to start due to the
following error: %%1058

Error - 11/28/2009 2:29:43 PM | Computer Name = MAC | Source = Service Control Manager | ID = 7000
Description = The TrackerCam Video Capture Driver 4.0 service failed to start due
to the following error: %%1058

Error - 11/28/2009 2:39:39 PM | Computer Name = MAC | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 d7c0d69b, parameter2 00000002, parameter3
00000000, parameter4 804e844f.

Error - 11/29/2009 4:01:27 PM | Computer Name = MAC | Source = Service Control Manager | ID = 7000
Description = The ATI WDM TV Tuner service failed to start due to the following
error: %%1058

Error - 11/29/2009 4:01:27 PM | Computer Name = MAC | Source = Service Control Manager | ID = 7000
Description = The ATI WDM TV Audio Crossbar service failed to start due to the following
error: %%1058

Error - 11/29/2009 4:01:28 PM | Computer Name = MAC | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized MVD Codec service failed to start due to the
following error: %%1058

Error - 11/29/2009 4:01:28 PM | Computer Name = MAC | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized PCD Codec service failed to start due to the
following error: %%1058

Error - 11/29/2009 4:01:28 PM | Computer Name = MAC | Source = Service Control Manager | ID = 7000
Description = The TrackerCam Video Capture Driver 4.0 service failed to start due
to the following error: %%1058


< End of report >


Otl.txt:

OTL logfile created on: 11/29/2009 12:19:09 PM - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 77.22% Memory free
2.21 Gb Paging File | 1.79 Gb Available in Paging File | 80.99% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 29.02 Gb Free Space | 38.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ati2evxx.exe ()
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\pstorec.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (TivoBeacon2) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (TiVo Inc.)
SRV - (iPodService) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (SymWSC) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe ()
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (WMDM PMSP Service) -- C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Cisco Systems, Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Cdralw2k) -- C:\WINDOWS\system32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (ATIAVAIW) -- C:\WINDOWS\system32\drivers\atinavt2.sys (ATI Technologies Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (trackcam4) -- C:\WINDOWS\system32\drivers\trackca4.sys (Windows (R) 2000 DDK provider)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (cdudf_xp) -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (dvd_2K) -- C:\WINDOWS\system32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys (Windows (R) 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\system32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\system32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (pwd_2k) -- C:\WINDOWS\system32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ivicd) -- C:\WINDOWS\system32\drivers\ivicd.sys (InterVideo)
DRV - (iviudf) -- C:\WINDOWS\system32\drivers\IviUdf.sys (InterVideo)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys (Conexant Systems, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (dalwdmservice) -- C:\WINDOWS\system32\drivers\Dalwdm.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (DigiFilter) -- C:\WINDOWS\system32\drivers\DigiFilter.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (TPkd) -- C:\WINDOWS\system32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\hpzid412.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (vobiw) -- C:\WINDOWS\system32\drivers\vobIW.sys (VOB Computersysteme GmbH)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (atinrvxx) -- C:\WINDOWS\system32\drivers\atinrvxx.sys (ATI Technologies Inc.)
DRV - (ativraxx) -- C:\WINDOWS\system32\drivers\atinraxx.sys (ATI Technologies Inc.)
DRV - (ATITUNEP) -- C:\WINDOWS\system32\drivers\atintuxx.sys (ATI Technologies Inc.)
DRV - (ATIXSAudio) -- C:\WINDOWS\system32\drivers\atinxsxx.sys (ATI Technologies Inc.)
DRV - (PCDCODEC) -- C:\WINDOWS\system32\drivers\atinpdxx.sys (ATI Technologies Inc.)
DRV - (MVDCODEC) -- C:\WINDOWS\system32\drivers\atinmdxx.sys (ATI Technologies Inc.)
DRV - (cdrdrv) -- C:\WINDOWS\system32\drivers\Cdrdrv.old (VOB Computersysteme GmbH)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Cinemsup) -- C:\WINDOWS\system32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (emu10kx) Creative EMU10K1/EMU10K2 Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\e10kx2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (vobcom) -- C:\WINDOWS\system32\drivers\vobcom.sys (VOB Computersysteme GmbH)
DRV - (USB-100) -- C:\WINDOWS\system32\drivers\USB100M.SYS (Linksys)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (V124) -- C:\WINDOWS\system32\drivers\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys (Conexant)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hiphopsite.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.cfr.org"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..network.proxy.autoconfig_url: "http://ucsbuxa.ucsb.edu:9000/ucsblibrary"
FF - prefs.js..network.proxy.http: "http://www.ucsbuxa.ucsb.edu:9000/ucsblibrary"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/23 21:32:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/28 03:01:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/25 12:59:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/25 12:59:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2006/11/03 22:24:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/11/24 02:50:34 | 00,000,000 | ---D | M]

[2009/11/25 13:01:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/11/25 13:01:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/28 22:34:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyemsav7.default\extensions
[2009/11/28 22:24:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyemsav7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2005/12/22 11:32:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyemsav7.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2007/03/17 13:59:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/25 12:59:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/02 19:23:26 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/02 19:23:27 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/02/22 20:25:15 | 00,700,416 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2007/02/23 14:51:35 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2006/02/14 08:40:00 | 00,459,496 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/02 19:23:28 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/11/24 02:47:57 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2006/11/24 23:52:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2006/11/24 23:52:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2006/11/24 23:52:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/24 02:50:34 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/11/24 02:47:08 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2006/10/07 13:36:24 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2005/08/09 10:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2009/11/02 17:16:17 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/02 17:16:17 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/02 17:16:17 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/02 17:16:17 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/02 17:16:17 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/11/02 17:16:17 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/02 17:16:17 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (4102 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 46 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\Program\ADGJDet.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... sp9dmo.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... p43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_41.cab (FilePlanet Download Control Class)
O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... g4sdmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4 ... s-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... s-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalcity.com/_media/dalaillama/ampx.cab (IWinAmpActiveX Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\twext.exe) - C:\WINDOWS\System32\twext.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/08 16:39:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Atisetup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/29 12:15:56 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/28 03:07:43 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/11/27 20:23:03 | 00,000,000 | ---D | C] -- C:\Program Files\Giganews Accelerator
[2009/11/27 20:21:36 | 00,968,054 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\Giganews Accelerator Setup.exe
[2009/11/27 19:52:42 | 00,000,000 | ---D | C] -- C:\Program Files\androidnews
[2009/11/27 19:52:10 | 01,742,168 | ---- | C] (SB-Software ) -- C:\Documents and Settings\Owner\Desktop\android61.exe
[2009/11/27 03:05:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/11/27 03:04:54 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/11/27 03:04:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/11/27 03:04:43 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/11/27 03:04:15 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/11/27 03:04:15 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/11/27 03:04:15 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/11/27 03:04:15 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/11/27 03:04:15 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/11/27 03:04:15 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/11/27 03:04:14 | 00,000,000 | ---D | C] -- C:\627fab06938fbafdb81b4a
[2009/11/27 03:01:25 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/11/26 18:57:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/11/25 16:42:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/11/25 16:41:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/25 16:41:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/25 16:41:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/25 16:41:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/25 16:40:43 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/11/25 12:56:06 | 08,084,968 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 3.5.5.exe
[2009/11/25 10:09:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/11/25 09:59:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/25 03:04:51 | 22,698,741 | ---- | C] (EasySpyRemover.com ) -- C:\Documents and Settings\Owner\Desktop\EasySpyRemover_setup.exe
[2009/11/25 02:06:42 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/24 02:47:58 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/11/24 02:46:42 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/11/24 02:46:42 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/11/24 02:45:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/11/24 02:44:31 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/11/24 02:43:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2009/11/24 02:43:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/11/24 02:42:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2009/11/23 23:10:07 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/11/23 23:10:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/11/23 23:07:30 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/23 23:05:07 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/11/23 23:05:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/11/23 22:35:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/23 22:14:02 | 00,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2009/11/23 21:34:20 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/23 21:33:50 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/23 21:33:48 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/23 21:33:32 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/23 21:33:30 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/23 21:33:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/11/23 21:32:48 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/23 21:32:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/23 21:04:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/11/23 20:55:34 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/11/23 20:52:53 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/11/23 20:43:38 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/11/23 20:41:25 | 00,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/11/23 20:14:21 | 00,021,361 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2009/11/23 20:13:14 | 00,000,000 | ---D | C] -- C:\Program Files\Belkin
[2009/11/23 20:12:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\{7B355114-7439-42B6-AB50-516834796D4D}
[2009/11/23 19:56:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\U3
[2007/03/30 14:57:07 | 00,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2004/04/09 16:14:44 | 00,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/29 12:16:06 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/29 12:07:29 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/29 12:07:03 | 45,898,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/29 12:06:43 | 00,106,123 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/29 12:01:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/29 12:01:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/29 05:22:35 | 00,023,196 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-00511102}.rfx
[2009/11/29 05:22:35 | 00,023,196 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-00511102}.rfx
[2009/11/29 05:22:35 | 00,018,560 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-00511102}.rfx
[2009/11/29 05:22:35 | 00,018,560 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-00511102}.rfx
[2009/11/29 05:22:35 | 00,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/11/29 05:22:35 | 00,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/11/29 05:22:35 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-00511102}.dat
[2009/11/29 05:22:35 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-00511102}.dat
[2009/11/29 05:22:21 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/29 05:22:21 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/29 05:15:33 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/29 05:00:00 | 00,000,260 | -H-- | M] () -- C:\WINDOWS\tasks\ACDB901191E80199.job
[2009/11/29 04:50:21 | 00,147,456 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 03:14:14 | 00,502,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 03:14:14 | 00,442,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 03:14:14 | 00,071,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 03:01:18 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/27 21:27:02 | 00,000,555 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to download.lnk
[2009/11/27 20:21:57 | 00,968,054 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Owner\Desktop\Giganews Accelerator Setup.exe
[2009/11/27 19:52:43 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Android Newsgroup Downloader.lnk
[2009/11/27 19:52:18 | 01,742,168 | ---- | M] (SB-Software ) -- C:\Documents and Settings\Owner\Desktop\android61.exe
[2009/11/27 16:35:01 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/27 16:35:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/27 16:35:01 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/11/27 09:07:21 | 00,035,528 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/27 08:48:35 | 00,161,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/27 02:58:34 | 20,654,500 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\scene06_cally_sophia_czech772_007_600k.wmv
[2009/11/27 02:57:51 | 19,836,922 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\scene06_cally_sophia_czech772_006_600k.wmv
[2009/11/27 02:54:05 | 26,257,438 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\scene07_erica_andrea_czech769_006_600k.wmv
[2009/11/27 02:51:25 | 19,461,892 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\scene02_rhona_czech796_004_600k.wmv
[2009/11/27 02:48:15 | 20,669,506 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\scene02_rhona_czech796_007_600k.wmv
[2009/11/27 02:47:51 | 21,352,060 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\scene01_marta_czech777_007_600k.wmv
[2009/11/27 02:38:35 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/27 02:37:47 | 00,000,190 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\stream2.asp
[2009/11/26 13:15:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/26 01:28:33 | 50,015,260 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\totally_anal_04_scene_2_chunk_4.avi.part
[2009/11/25 16:42:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/25 16:41:02 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/11/25 12:59:27 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/25 12:57:52 | 08,084,968 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 3.5.5.exe
[2009/11/25 11:00:47 | 00,006,995 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\#1
[2009/11/25 10:04:25 | 00,000,008 | ---- | M] () -- C:\WINDOWS\bmextreme.dat
[2009/11/25 03:07:02 | 22,698,741 | ---- | M] (EasySpyRemover.com ) -- C:\Documents and Settings\Owner\Desktop\EasySpyRemover_setup.exe
[2009/11/25 02:06:35 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/25 02:06:32 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/24 13:18:40 | 00,010,584 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/11/24 02:48:59 | 00,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/11/24 02:47:58 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/11/24 02:46:42 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/11/24 02:46:42 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/11/24 02:44:33 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009/11/24 02:44:32 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009/11/24 02:44:32 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/11/24 02:38:19 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/11/23 23:07:19 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/23 22:15:27 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
[2009/11/23 21:33:50 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/23 21:33:50 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/23 21:33:48 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/23 21:33:33 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/23 21:33:30 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/23 21:33:30 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/23 21:33:20 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/23 21:33:20 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/23 21:18:06 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/23 20:14:21 | 00,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2009/11/23 20:13:17 | 00,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belkin F5D8053 N Wireless USB Adapter Utility.lnk
[2009/11/23 17:49:06 | 00,043,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CD-1404713248-Track08-1 - Chopped (72.4.263 - 96.1.410) 1.sfk
[2009/11/23 17:47:50 | 00,150,356 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\beat mix2.sfk
[2009/11/23 17:47:50 | 00,011,120 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Beat render1.sfk
[2009/11/23 17:47:50 | 00,011,120 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\beat mix.sfk
[2009/11/23 17:41:35 | 00,022,872 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mayfiledwhole.sfk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/27 21:27:02 | 00,000,555 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to download.lnk
[2009/11/27 19:52:43 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Android Newsgroup Downloader.lnk
[2009/11/27 02:49:49 | 20,654,500 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\scene06_cally_sophia_czech772_007_600k.wmv
[2009/11/27 02:48:48 | 19,836,922 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\scene06_cally_sophia_czech772_006_600k.wmv
[2009/11/27 02:48:38 | 26,257,438 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\scene07_erica_andrea_czech769_006_600k.wmv
[2009/11/27 02:42:44 | 19,461,892 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\scene02_rhona_czech796_004_600k.wmv
[2009/11/27 02:42:41 | 20,669,506 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\scene02_rhona_czech796_007_600k.wmv
[2009/11/27 02:42:15 | 21,352,060 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\scene01_marta_czech777_007_600k.wmv
[2009/11/27 02:38:35 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/27 02:38:35 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/27 02:37:47 | 00,000,190 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\stream2.asp
[2009/11/26 01:20:19 | 50,015,260 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\totally_anal_04_scene_2_chunk_4.avi.part
[2009/11/25 22:48:00 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/25 16:42:02 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/25 11:00:47 | 00,006,995 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\#1
[2009/11/24 02:48:59 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/11/24 02:38:17 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/11/23 23:13:03 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/23 23:07:19 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/23 22:15:27 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
[2009/11/23 21:33:50 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/23 21:33:29 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/23 21:33:20 | 45,898,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/23 21:33:20 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/23 21:33:20 | 00,106,123 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/23 21:33:18 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/23 20:13:17 | 00,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belkin F5D8053 N Wireless USB Adapter Utility.lnk
[2009/11/23 17:40:50 | 00,022,872 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mayfiledwhole.sfk
[2007/11/28 04:32:00 | 01,163,264 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2007/04/03 21:00:45 | 00,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/04/03 20:58:50 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/09 13:20:53 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/22 20:29:56 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/12 08:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/11/22 13:00:54 | 00,000,436 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2006/11/11 17:28:43 | 00,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2006/11/03 21:36:09 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2006/05/18 11:00:29 | 00,000,066 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/17 21:35:50 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2006/05/17 21:35:03 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/03/26 23:51:10 | 00,004,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\udffsrec.sys
[2006/03/21 19:50:10 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2006/01/05 19:55:03 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/02 13:24:02 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/05/01 21:27:42 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2004/12/22 10:59:14 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mpauth.dat
[2004/10/20 19:48:48 | 00,003,478 | ---- | C] () -- C:\WINDOWS\System32\digicoin.dll
[2004/04/11 12:32:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2004/04/10 11:19:30 | 00,010,584 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/04/09 17:54:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/09 16:14:35 | 00,000,166 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/04/09 16:14:15 | 00,027,679 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/04/09 16:14:12 | 00,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2004/04/09 16:13:34 | 00,147,456 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/09 16:10:06 | 00,000,317 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/04/09 14:46:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Medi8or.ini
[2004/04/09 14:42:07 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2004/04/09 14:36:43 | 00,000,211 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/04/09 14:28:34 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/04/09 10:16:10 | 00,043,492 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2004/04/09 10:16:09 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2003/01/30 07:04:00 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\StlpMt45.dll
[2002/10/10 13:13:30 | 00,000,236 | ---- | C] () -- C:\WINDOWS\System32\IN-WIN.ini
[1999/09/20 10:05:32 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys

========== LOP Check ==========

[2009/11/23 21:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/11/23 21:32:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/03/29 22:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dart jump plan ante
[2006/11/03 21:36:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/03/30 15:29:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2004/10/20 19:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2004/10/22 12:17:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/11/25 16:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/03 21:36:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/03/29 12:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/23 23:07:49 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/01/31 14:49:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2007/03/22 13:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2007/05/05 00:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CyberMotion 3D-Designer
[2006/04/19 16:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Digidesign
[2007/01/06 01:28:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EBookSys
[2006/11/03 00:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ethereal
[2004/04/09 15:08:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2004/04/11 12:33:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2005/11/07 21:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2004/05/07 17:14:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2006/11/03 21:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2006/11/24 23:49:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2004/10/22 12:18:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Propellerhead Software
[2004/05/27 00:02:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2007/03/29 22:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Rect for comp
[2007/03/22 17:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
[2006/10/07 13:36:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2007/03/25 02:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2007/04/03 11:46:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2005/03/28 09:53:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
[2005/07/21 13:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WholeSecurity
[2004/07/14 17:02:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\X10 Commander
[2009/11/29 05:00:00 | 00,000,260 | -H-- | M] () -- C:\WINDOWS\Tasks\ACDB901191E80199.job
[2009/11/26 13:15:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
Miggy
Active Member
 
Posts: 6
Joined: November 25th, 2009, 3:02 pm

Re: Multiple virus and malware infections, please help clean up!

Unread postby askey127 » November 30th, 2009, 7:43 am

Miggy,
This is kind of long, but you can do it. Just take one step at a time.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?f=11&t=33112
As a condition of receiving our help, I have included the P2P programs BitTorrent, uTorrent, and Morpheus in the removal instructions below, so we are not wasting our time.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Java Web Start
Java 2 Runtime Environment, SE v1.4.1_02
BitTorrent
uTorrent
Morpheus
Morpheus Toolbar

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
File Deletion
In Windows Explorer (My Computer), navigate to the folder shown below, select View, Details, highlight the listed file only, and press Delete. Be careful not to delete any file without double-checking the exact spelling of the filename.
C:\Windows\Tasks\ACDB901191E80199.job
If you have any problem deleting the file, right click the file and choose Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the exact filename is in there, highlight it and click End Process, then retry Delete.
Please Note if you cannot delete or find.
-----------------------------------------------------------
Folder Deletion
In Windows Explorer (My Computer), navigate to each folder shown below, highlight each one in turn shown in red, if found, and press Delete.
C:\Program Files\BitTorrent\ <== this folder only
C:\Program Files\uTorrent\ <== this folder only
C:\Program Files\Morpheus\ <== this folder only
You may have to first open the folder, choose View, Details, and delete all the underlying files and folders before an entire folder can be deleted.
If you need to delete underlying files in a folder and are unable to do so:
Right click the file set for deletion, and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that,, note the name of the file, hit Ctrl-Alt-Delete and look under the Processes tab. If the exact filename is in there, highlight it and click End Process, then retry Delete.
Please Note the name and location of any item you cannot delete, or any file not found.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Download ATF Cleaner by Atribune © from here : http://www.atribune.org/ccount/click.php?id=1
It is a stand-alone program that does not need to be "installed". Save it to a convenient location and make a shortcut on your desktop.
Double-click ATF-Cleaner.exe or your shortcut to run the program.
Under Main, choose Select All
Click Empty Selected
Click Firefox in the top bar, and choose Select All
Click on Empty Selected
NOTE: If you would like to keep any saved passwords, please click No at the prompt.
When it tells you how much has been removed, click Exit from the Main window.
--------------------------------------------------------
Remove Older Acrobat as the Default PDF Reader
You can keep your older Adobe Acrobat 5, but using it to open PDF files from the net is risky.
We have removed the registry entries which call for using the older Acrobat to read PDF files.
You can still use the Older Acrobat from Start, All Programs, but we will install a new Adobe Reader for use as the default application on Internet PDF files.
Next, Download and Install the newest version of Adobe Reader.
Any versions numbered lower than 9.2 should be replaced.
  • Go HERE and click on AdbeRdr920_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version.

------------------------------------------------------------
Download the latest version of Java Runtime Environment here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
Scroll down - It is currently the 5th item on the page (the page changes often), called JRE 6 Update 17
Select Windows and multi-language, and check to agree to the license.
Choose Windows Offline installation version.
Download it, choose Save, and save it to your desktop.
Then doubleclick it, and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
-----------------------------------------------------
Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple virus and malware infections, please help clean up!

Unread postby Miggy » December 1st, 2009, 2:34 am

Hi,

I could not remove Morpheus Toolbar because the module could not be located.

I could not find the file C:\Windows\Tasks\ACDB901191E80199.job

Lastly, Kaspersky would not work for me. I got a message stating that I need Java Framework 1.5 or later, but I installed the latest Java update, so I am at loss right now.

Thanks again,

Miggy
Miggy
Active Member
 
Posts: 6
Joined: November 25th, 2009, 3:02 pm

Re: Multiple virus and malware infections, please help clean up!

Unread postby askey127 » December 1st, 2009, 7:36 am

Miggy,
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    [2009/11/29 05:00:00 | 00,000,260 | -H-- | M] () -- C:\WINDOWS\Tasks\ACDB901191E80199.job
    [2007/04/03 11:46:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    [2007/03/22 13:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

-----------------------------------------------
Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable or Exit your current AVG Antivirus software. You can usually do this with its Notification Tray icon (right click) near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile will be created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please paste the contents of this file in your next post.

You can use separate posts for the two logs if it's more convenient.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple virus and malware infections, please help clean up!

Unread postby Miggy » December 3rd, 2009, 11:25 pm

Hi,

here is the OTL log after the fix:

OTL logfile created on: 12/3/2009 7:22:53 PM - Run 2
OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 68.20% Memory free
2.21 Gb Paging File | 1.76 Gb Available in Paging File | 79.89% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 27.21 Gb Free Space | 36.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ati2evxx.exe ()
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\linkinfo.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (TivoBeacon2) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe (TiVo Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (SymWSC) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe ()
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (WMDM PMSP Service) -- C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hiphopsite.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.cfr.org"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.autoconfig_url: "http://ucsbuxa.ucsb.edu:9000/ucsblibrary"
FF - prefs.js..network.proxy.http: "http://www.ucsbuxa.ucsb.edu:9000/ucsblibrary"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/23 21:32:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/25 12:59:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/30 15:45:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2006/11/03 22:24:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/11/30 22:23:05 | 00,000,000 | ---D | M]

[2009/11/25 13:01:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/12/03 01:54:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyemsav7.default\extensions
[2005/12/22 11:32:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyemsav7.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2009/12/03 01:54:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/10/07 13:36:24 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2005/08/09 10:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll

O1 HOSTS File: (4102 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 46 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\Program\ADGJDet.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... sp9dmo.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... p43dmo.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_41.cab (FilePlanet Download Control Class)
O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... g4sdmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} http://cdn.digitalcity.com/_media/dalaillama/ampx.cab (IWinAmpActiveX Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\twext.exe) - C:\WINDOWS\System32\twext.exe File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/08 16:39:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Atisetup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/12/03 19:22:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Kaitlyn
[2009/12/03 18:52:00 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/01 05:18:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Japan 1
[2009/12/01 05:17:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Japan 2
[2009/12/01 04:41:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\QuickPar
[2009/12/01 04:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\QuickPar
[2009/12/01 02:46:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Ipod Movies
[2009/12/01 02:14:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Ipod Pictures
[2009/11/30 16:17:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/11/30 15:36:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2009/11/29 13:21:02 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/29 13:21:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/29 13:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/11/29 13:15:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
[2009/11/29 13:15:07 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/11/29 13:11:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/11/29 13:11:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/11/29 12:15:56 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/27 20:23:03 | 00,000,000 | ---D | C] -- C:\Program Files\Giganews Accelerator
[2009/11/27 19:52:42 | 00,000,000 | ---D | C] -- C:\Program Files\androidnews
[2009/11/27 03:05:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/11/27 03:04:54 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/11/27 03:04:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/11/27 03:04:43 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/11/27 03:04:14 | 00,000,000 | ---D | C] -- C:\627fab06938fbafdb81b4a
[2009/11/27 03:01:25 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/11/26 18:57:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/11/25 16:42:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/11/25 16:41:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/25 16:41:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/25 16:41:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/25 16:41:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/25 10:09:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/11/25 09:59:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/25 02:06:42 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/24 02:45:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/11/24 02:44:31 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/11/24 02:43:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2009/11/24 02:43:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/11/24 02:42:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2009/11/23 23:10:07 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/11/23 23:10:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/11/23 23:07:30 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/23 23:05:07 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/11/23 23:05:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/11/23 22:35:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/23 22:14:02 | 00,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2009/11/23 21:34:20 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/23 21:33:50 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/23 21:33:48 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/23 21:33:32 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/23 21:33:30 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/23 21:33:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/11/23 21:32:48 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/23 21:32:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/23 21:04:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/11/23 20:13:14 | 00,000,000 | ---D | C] -- C:\Program Files\Belkin
[2009/11/23 20:12:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\{7B355114-7439-42B6-AB50-516834796D4D}
[2009/11/23 19:56:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\U3
[2007/03/30 14:57:07 | 00,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2004/04/09 16:14:44 | 00,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 14 Days ==========

[2009/12/03 18:59:57 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/03 18:53:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/03 18:53:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/03 18:52:30 | 00,023,196 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-00511102}.rfx
[2009/12/03 18:52:30 | 00,023,196 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-00511102}.rfx
[2009/12/03 18:52:30 | 00,018,560 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-00511102}.rfx
[2009/12/03 18:52:30 | 00,018,560 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-00511102}.rfx
[2009/12/03 18:52:30 | 00,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/12/03 18:52:30 | 00,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/12/03 18:52:30 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-00511102}.dat
[2009/12/03 18:52:30 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-00511102}.dat
[2009/12/03 18:52:22 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/03 18:52:22 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/03 18:11:12 | 46,116,079 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/03 18:10:52 | 00,111,946 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/02 16:15:28 | 00,151,552 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/02 05:21:06 | 11,487,9272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tg29_heidesummer_long_7.wmv
[2009/12/01 04:39:06 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\QuickPar.lnk
[2009/11/29 13:15:04 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/29 12:50:40 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/29 12:16:06 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/28 03:14:14 | 00,502,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 03:14:14 | 00,442,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 03:14:14 | 00,071,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 03:01:18 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/27 21:27:02 | 00,000,555 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to download.lnk
[2009/11/27 19:52:43 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Android Newsgroup Downloader.lnk
[2009/11/27 16:35:01 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/27 16:35:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/27 16:35:01 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/11/27 09:07:21 | 00,035,528 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/27 08:48:35 | 00,161,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/27 02:38:35 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/25 16:42:02 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/25 12:59:27 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/25 10:04:25 | 00,000,008 | ---- | M] () -- C:\WINDOWS\bmextreme.dat
[2009/11/25 02:06:35 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/25 02:06:32 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/24 13:18:40 | 00,010,584 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/11/24 02:44:32 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/11/24 02:38:19 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/11/23 23:07:19 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/23 22:15:27 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
[2009/11/23 21:33:50 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/23 21:33:50 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/23 21:33:48 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/23 21:33:33 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/23 21:33:30 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/23 21:33:30 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/23 21:33:20 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/23 21:33:20 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/23 21:18:06 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/23 20:13:17 | 00,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belkin F5D8053 N Wireless USB Adapter Utility.lnk
[2009/11/23 17:49:06 | 00,043,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CD-1404713248-Track08-1 - Chopped (72.4.263 - 96.1.410) 1.sfk
[2009/11/23 17:47:50 | 00,150,356 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\beat mix2.sfk
[2009/11/23 17:47:50 | 00,011,120 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Beat render1.sfk
[2009/11/23 17:47:50 | 00,011,120 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\beat mix.sfk
[2009/11/23 17:41:35 | 00,022,872 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mayfiledwhole.sfk

========== Files Created - No Company Name ==========

[2009/12/02 05:04:28 | 11,487,9272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tg29_heidesummer_long_7.wmv
[2009/12/01 04:39:06 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\QuickPar.lnk
[2009/11/27 21:27:02 | 00,000,555 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to download.lnk
[2009/11/27 19:52:43 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Android Newsgroup Downloader.lnk
[2009/11/27 02:38:35 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/27 02:38:35 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/25 22:48:00 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/25 16:42:02 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/24 02:38:17 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/11/23 23:13:03 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/23 23:07:19 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/23 22:15:27 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
[2009/11/23 21:33:50 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/23 21:33:29 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/23 21:33:20 | 46,116,079 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/23 21:33:20 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/23 21:33:20 | 00,111,946 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/23 21:33:18 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/23 20:13:17 | 00,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belkin F5D8053 N Wireless USB Adapter Utility.lnk
[2009/11/23 17:40:50 | 00,022,872 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mayfiledwhole.sfk
[2007/11/28 04:32:00 | 01,163,264 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2007/04/03 21:00:45 | 00,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/04/03 20:58:50 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/09 13:20:53 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/22 20:29:56 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/12 08:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/11/22 13:00:54 | 00,000,436 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2006/11/11 17:28:43 | 00,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2006/11/03 21:36:09 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2006/05/18 11:00:29 | 00,000,066 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/17 21:35:50 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2006/05/17 21:35:03 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/03/26 23:51:10 | 00,004,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\udffsrec.sys
[2006/03/21 19:50:10 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2006/01/05 19:55:03 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/02 13:24:02 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/05/01 21:27:42 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2004/12/22 10:59:14 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mpauth.dat
[2004/10/20 19:48:48 | 00,003,478 | ---- | C] () -- C:\WINDOWS\System32\digicoin.dll
[2004/04/11 12:32:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2004/04/10 11:19:30 | 00,010,584 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/04/09 17:54:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/09 16:14:35 | 00,000,166 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/04/09 16:14:15 | 00,027,679 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/04/09 16:14:12 | 00,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2004/04/09 16:13:34 | 00,151,552 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/09 16:10:06 | 00,000,317 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/04/09 14:46:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Medi8or.ini
[2004/04/09 14:42:07 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2004/04/09 14:36:43 | 00,000,211 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/04/09 14:28:34 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/04/09 10:16:10 | 00,043,492 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2004/04/09 10:16:09 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2003/01/30 07:04:00 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\StlpMt45.dll
[2002/10/10 13:13:30 | 00,000,236 | ---- | C] () -- C:\WINDOWS\System32\IN-WIN.ini
[1999/09/20 10:05:32 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys

========== LOP Check ==========

[2009/11/23 21:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/11/23 21:32:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/03/29 22:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dart jump plan ante
[2006/11/03 21:36:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/03/30 15:29:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2004/10/20 19:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2004/10/22 12:17:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/11/25 16:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/03 21:36:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/03/29 12:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/29 13:22:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/23 23:07:49 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/01/31 14:49:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2007/05/05 00:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CyberMotion 3D-Designer
[2006/04/19 16:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Digidesign
[2007/01/06 01:28:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EBookSys
[2006/11/03 00:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ethereal
[2004/04/09 15:08:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2004/04/11 12:33:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2005/11/07 21:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2004/05/07 17:14:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2006/11/03 21:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2006/11/24 23:49:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2004/10/22 12:18:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Propellerhead Software
[2004/05/27 00:02:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2007/03/29 22:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Rect for comp
[2007/03/22 17:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
[2006/10/07 13:36:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2007/03/25 02:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2005/03/28 09:53:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
[2005/07/21 13:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WholeSecurity
[2004/07/14 17:02:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\X10 Commander
[2009/11/29 13:15:04 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Thanks,

Miggy
Miggy
Active Member
 
Posts: 6
Joined: November 25th, 2009, 3:02 pm

Re: Multiple virus and malware infections, please help clean up!

Unread postby Miggy » December 4th, 2009, 12:54 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=79c9496264536a4d8e9a365c65b095b3
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-04 04:51:51
# local_time=2009-12-03 08:51:51 (-0800, Pacific Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 643617 643617 0 0
# compatibility_mode=768 16777215 100 0 83741585 83741585 0 0
# compatibility_mode=1024 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=103893
# found=0
# cleaned=0
# scan_time=3945
Miggy
Active Member
 
Posts: 6
Joined: November 25th, 2009, 3:02 pm

Re: Multiple virus and malware infections, please help clean up!

Unread postby askey127 » December 4th, 2009, 7:04 am

Miggy,
-----------------------------------------------------------
Copy/Paste/Run a Registry Edit
Copy/paste the following quote box into a new notepad document:
Code: Select all
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save it as File Type All Files (not as a Text document, or it won't work).
Save it to your Desktop as fixme.reg
Double click fixme.reg on your Desktop, and merge it into the registry when asked.
Reboot Windows.
-----------------------------------------------------------
Run a File Search
Press Start->Run, copy/paste the following command into the box and press OK:
cmd /c dir C:\*.* /L /A /B /S|Find "twext.exe" >> "%userprofile%\desktop\look.txt"

A blank command window will open on your desktop, then close in a minute or two. This is normal.
A file called look.txt should appear on your Desktop. Please post the contents of this file.

So we are looking for the contents of look.txt on your desktop.
Tell me how your machine is running.
Is there a specific reason why you have not updated your Windows to Service Pack 3?
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple virus and malware infections, please help clean up!

Unread postby Miggy » December 7th, 2009, 6:28 am

I ran the command but there was nothing in the text file.

Other than that, the machine is running and looking good.

I had initially stopped using this computer because I was worried about viruses and other malware. I just recently booted it up again, did a quick run of adaware and avg free, then came here for sophisticated help. Long story short, I plan on updating to sp3 very soon.

I really appreciate all the help, and at first didn't really believe I would get personalized help about malware on my computer, but this site is amazing! I know you guys are busy, but I had to recommend this site for a couple people. Thanks for spending some time on this.

Miggy
Miggy
Active Member
 
Posts: 6
Joined: November 25th, 2009, 3:02 pm

Re: Multiple virus and malware infections, please help clean up!

Unread postby askey127 » December 7th, 2009, 7:13 am

Miggy,
You should run an Update and Quick Scan with Malwarebytes Anti-Malware every week or so.
You won't need Ad-Aware.
If you don't install SP3 quickly, the machine will become infected again. Many of the bad guys out there look for machines that have not been fully patched.

Good Luck.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple virus and malware infections, please help clean up!

Unread postby NonSuch » December 10th, 2009, 5:43 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 32 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware