wolfenstien logs

Post by wolfenstien » April 12th, 2011, 1:07 pm

I dl'd DDS and tried to run it. It got to 51 double dots, then nothing. I clicked outside of it and my computer locked up. I had to reboot. After it rebooted I ran it on a fresh boot and it did not go past 51 double dots. I don't have any script blockers running that I know of. After it sat for about 8-10 minutes at 51 double dots, I clicked to open my browser and the computer locked up again.
Any advice would be helpful.
Thanks
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: wolfenstien logs

Post by Gary R » April 14th, 2011, 4:33 pm

What problems are you having with your computer other than the fact that you can't run a DDS scan?
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: wolfenstien logs

Post by wolfenstien » April 14th, 2011, 11:43 pm

Hiccups... system locking up for 3-5 seconds at a time every 30-45 seconds. Plus a site that I frequent was attacked and several people have reported infections traced back to the site. The hiccuping did not start until after this attack. I haven't opened anything that I should not have, but I also know that some infections can be transferred from a site just by loading the site.
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: wolfenstien logs

Post by Gary R » April 15th, 2011, 1:22 am

OK, if you can't run DDS, let's see if you can run any other scans.

Download OTL by OldTimer to your Desktop.

Alternative Download

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Under Custom Scans/Fixes copy/paste the contents of the code box below.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents

  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows 7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
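The OTL.txt that this scan produces (posted in the reply below) lists processes, modules, services and drivers as `KIND - [date | size | attrs | M] (Company) -- path` lines, with a service state and short name appended for SRV/DRV entries, plus numbered O-sections such as O20 for Winlogon values. As an added example, not code from this forum or from OldTimer, here is a small Python parser for those line types that flags what a helper usually looks at first: services registered but whose file is not found, entries with no company name in their version info, and a Winlogon Shell value other than the Windows default explorer.exe; the sample lines are copied from the log posted in this thread.

```python
import re
from typing import Dict, List, Optional, Tuple

# Process/module/service/driver entries from the OTL "SafeList" sections, e.g.
#   PRC - [2011/04/15 01:29:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\...\OTL.exe
#   SRV - [...] () [Auto | Running] -- c:\...\netsession_win_a35e6b9.dll -- (Akamai)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-\w]{4}) \| [MC]\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]+)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]+)\).*)?$"
)
# Services/drivers that are still registered but whose file is missing from disk.
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]+)\] -- -- \((?P<name>[^)]+)\)$"
)
# O20 Winlogon values, e.g.
#   O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
WINLOGON_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) - (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
DEFAULT_SHELL = "explorer.exe"  # Windows default for the Winlogon\Shell value


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one OTL log line into a dict of fields; None for line types not modelled here."""
    line = line.rstrip("\r\n")
    for regex, section in ((ENTRY_RE, "entry"), (MISSING_RE, "missing"), (WINLOGON_RE, "winlogon")):
        m = regex.match(line)
        if m:
            rec: Dict[str, object] = dict(m.groupdict())  # unmatched optional groups become None
            rec["section"] = section
            size = rec.get("size")
            rec["size"] = int(size.replace(",", "")) if isinstance(size, str) else None
            return rec
    return None


def review(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for the entries a helper would want to look at first."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["section"] == "missing":
            findings.append(("registered but file not found", line))
        elif rec["section"] == "entry" and not rec["company"]:
            findings.append(("no company name in version info", line))
        elif (rec["section"] == "winlogon" and rec["value"] == "Shell"
              and str(rec["data"]).lower() != DEFAULT_SHELL):
            findings.append(("Winlogon Shell is not the default explorer.exe", line))
    return findings


# Sample input: lines copied from the OTL.txt posted in this thread.
SAMPLE_LOG = [
    r"PRC - [2011/04/15 01:29:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Snake\Desktop\OTL.exe",
    r"SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)",
    r"SRV - [2011/03/30 15:53:14 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)",
    r"SRV - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)",
    r"DRV - [2006/10/06 06:28:28 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O20 - HKLM Winlogon: Shell - (explorered.exe) - C:\WINDOWS\explorered.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UIHost - (C:\Program Files\TGTSoft\StyleXP\CurrentLogon.EXE) - C:\Program Files\TGTSoft\StyleXP\CurrentLogon.EXE (Microsoft Corporation)",
]

if __name__ == "__main__":
    for reason, line in review(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

A flagged line is a starting point for review, not a verdict: an empty company field only means the file carries no version information.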

Re: wolfenstien logs

Post by wolfenstien » April 15th, 2011, 12:58 pm

OTL.txt
OTL logfile created on: 4/15/2011 12:35:41 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Snake\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.00 Mb Total Physical Memory | 202.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.22 Gb Total Space | 1.09 Gb Free Space | 4.17% Space Free | Partition Type: FAT32
Drive D: | 26.71 Gb Total Space | 14.09 Gb Free Space | 52.74% Space Free | Partition Type: FAT32
Drive E: | 914.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ACER-2 | User Name: Snake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/15 01:29:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Snake\Desktop\OTL.exe
PRC - [2011/03/24 00:46:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2006/05/24 14:31:08 | 000,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PRC - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2004/08/04 05:00:00 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorered.exe


========== Modules (SafeList) ==========

MOD - [2011/04/15 01:29:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Snake\Desktop\OTL.exe
MOD - [2006/08/25 10:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/30 15:53:14 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/05/02 17:34:28 | 005,027,328 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files\wLite\wService.exe -- (wxpSvc)
SRV - [2006/10/16 14:32:40 | 000,848,888 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2006/05/24 14:31:08 | 000,372,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - [2004/10/29 15:29:16 | 000,086,016 | ---- | M] (NetGroup - Politecnico di Torino) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


========== Driver Services (SafeList) ==========

DRV - [2009/04/06 19:13:10 | 000,045,344 | ---- | M] (FotoNation Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CoachVid.sys -- (CoachVid)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/08/16 20:45:06 | 000,533,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt931a.sys -- (SQ931)
DRV - [2007/02/15 19:57:06 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/10/20 12:42:42 | 000,020,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/10/06 06:31:00 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/10/06 06:28:28 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005/10/31 17:44:40 | 000,010,880 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2005/03/02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/02/25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/29 15:14:04 | 000,032,000 | ---- | M] (NetGroup - Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004/10/07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/11 01:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 05:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-754788786-1973002913-4074281658-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKU\S-1-5-21-754788786-1973002913-4074281658-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-754788786-1973002913-4074281658-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {55ce2530-61df-4ddc-b287-feae64e70575}:0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/01/23 19:13:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/01/23 19:13:48 | 000,000,000 | ---D | M]

[2009/11/30 19:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Snake\Application Data\Mozilla\Extensions
[2011/03/24 00:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Snake\Application Data\Mozilla\Extensions\home2@tomtom.com
[2008/01/23 19:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Snake\Application Data\Mozilla\Firefox\Profiles\olwtizpe.default\extensions
[2010/02/06 17:30:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Snake\Application Data\Mozilla\Firefox\Profiles\olwtizpe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/25 02:01:58 | 000,000,000 | ---D | M] (RefreshBlocker) -- C:\Documents and Settings\Snake\Application Data\Mozilla\Firefox\Profiles\olwtizpe.default\extensions\{55ce2530-61df-4ddc-b287-feae64e70575}
[2008/01/23 19:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/26 23:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/26 22:59:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (CoTGT_BHO Class) - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll ()
O3 - HKU\S-1-5-21-754788786-1973002913-4074281658-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKU\S-1-5-21-754788786-1973002913-4074281658-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-754788786-1973002913-4074281658-1005..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-754788786-1973002913-4074281658-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 4143735481 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 4143720075 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorered.exe) - C:\WINDOWS\explorered.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Program Files\TGTSoft\StyleXP\CurrentLogon.EXE) - C:\Program Files\TGTSoft\StyleXP\CurrentLogon.EXE (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Snake\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Snake\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/09 09:51:26 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/03/13 00:30:32 | 085,065,133 | ---- | M] () - D:\AutostarWeb50.EXE -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
MsConfig - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
MsConfig - StartUpReg: eRecoveryService - hkey= - key= - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: LaunchApp - hkey= - key= - C:\WINDOWS\Alaunch.exe (Acer Inc.)
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
MsConfig - StartUpReg: MimBoot - hkey= - key= - C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NWEReboot - hkey= - key= - File not found
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
MsConfig - StartUpReg: SiS Windows KeyHook - hkey= - key= - File not found
MsConfig - StartUpReg: SiSPower - hkey= - key= - File not found
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SQ931STI - hkey= - key= - C:\WINDOWS\SQ931STI.exe ()
MsConfig - StartUpReg: STYLEXP - hkey= - key= - C:\Program Files\TGTSoft\StyleXP\StyleXP.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
MsConfig - StartUpReg: WatchDog - hkey= - key= - C:\Program Files\mobile PhoneTools\WatchDog.exe ()
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/15 01:29:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Snake\Desktop\OTL.exe
[2011/04/08 16:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\Application Data\Foxit Software
[2011/04/03 22:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\My Documents\Wood Working Plans
[2011/04/03 22:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2011/04/03 22:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/04/03 20:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\webcamXP 5
[2011/04/03 20:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\webcamXP 5
[2011/04/03 20:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\wLite
[2011/03/30 22:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/03/24 00:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/03/24 00:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\My Documents\TomTom
[2011/03/24 00:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\Local Settings\Application Data\TomTom
[2011/03/24 00:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\Application Data\TomTom
[2011/03/24 00:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\Start Menu\Programs\TomTom
[2011/03/24 00:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2011/03/24 00:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2011/03/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\Application Data\Stellarium
[2011/03/21 03:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stellarium
[2011/03/21 03:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Stellarium
[2008/01/12 18:26:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Snake\Application Data\pcouffin.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/15 01:29:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Snake\Desktop\OTL.exe
[2011/04/13 22:00:18 | 000,367,183 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\Bed_time_by_l2ayner.jpg
[2011/04/12 13:05:04 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/12 13:05:04 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/12 13:01:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/04/12 13:00:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/12 13:00:44 | 736,677,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/12 12:41:46 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\dds.scr
[2011/04/11 02:30:22 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/08 22:29:12 | 000,008,375 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\attachments_2011_04_08.zip
[2011/04/08 19:29:10 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\old8_footer2.gif
[2011/04/08 19:29:08 | 000,007,451 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\oldies81.jpg
[2011/04/07 02:52:36 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\Snake\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2011/04/06 15:46:28 | 000,189,571 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\lowes waver bird house.pdf
[2011/04/06 11:50:12 | 000,189,569 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\Lowes Waver Form.pdf
[2011/04/03 22:04:54 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Snake\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/04/03 22:04:54 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/04/03 20:57:14 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Snake\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/03 19:43:02 | 000,001,443 | ---- | M] () -- C:\Documents and Settings\Snake\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/03/30 22:23:24 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/03/26 03:12:24 | 003,629,981 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\LHD45EL_LHD65EL_LHD65EBL.pdf
[2011/03/21 03:38:18 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Stellarium.lnk
[2011/03/20 02:02:40 | 000,002,095 | ---- | M] () -- C:\WINDOWS\AutostarSuite.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/13 22:00:15 | 000,367,183 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\Bed_time_by_l2ayner.jpg
[2011/04/12 12:41:54 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\dds.scr
[2011/04/08 22:30:52 | 000,007,451 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\oldies81.jpg
[2011/04/08 22:30:52 | 000,000,914 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\old8_footer2.gif
[2011/04/08 22:29:22 | 000,008,375 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\attachments_2011_04_08.zip
[2011/04/06 15:46:27 | 000,189,571 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\lowes waver bird house.pdf
[2011/04/06 11:50:11 | 000,189,569 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\Lowes Waver Form.pdf
[2011/04/03 22:04:53 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\Snake\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/04/03 22:04:53 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/03/30 22:23:22 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/03/26 03:11:30 | 003,629,981 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\LHD45EL_LHD65EL_LHD65EBL.pdf
[2011/03/21 03:38:16 | 000,001,540 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Stellarium.lnk
[2010/09/08 23:16:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2010/09/08 23:16:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/03/13 00:10:24 | 000,708,608 | ---- | C] () -- C:\WINDOWS\SQCap.exe
[2009/03/13 00:10:24 | 000,151,552 | ---- | C] () -- C:\WINDOWS\SQ931STI.exe
[2009/03/13 00:10:23 | 000,015,346 | ---- | C] () -- C:\WINDOWS\931TwCfg.INI
[2009/03/13 00:10:22 | 000,533,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\Capt931a.sys
[2009/03/13 00:10:22 | 000,032,256 | ---- | C] () -- C:\WINDOWS\PCCam.exe
[2009/03/13 00:10:22 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\Camd931a.sys
[2009/03/12 16:29:40 | 000,002,095 | ---- | C] () -- C:\WINDOWS\AutostarSuite.ini
[2009/03/12 15:14:48 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/04/05 15:34:09 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SA2004.ini
[2008/01/23 19:14:51 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/12 18:26:40 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Snake\Application Data\ezpinst.exe
[2008/01/12 18:26:40 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Snake\Application Data\pcouffin.cat
[2008/01/12 18:26:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Snake\Application Data\pcouffin.inf
[2007/03/13 19:38:56 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/11/02 14:17:01 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Snake\Application Data\.zreglib
[2006/10/06 08:01:55 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2006/10/06 08:01:44 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FindServ.INI
[2006/10/06 07:15:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/06 06:45:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/06 06:30:59 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/10/06 06:28:27 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7869.sys
[2006/10/06 05:55:44 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Snake\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/05 23:14:54 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006/08/27 20:04:52 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2006/08/27 20:04:52 | 000,002,790 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2005/03/09 09:53:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/09 09:51:52 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/09 09:50:58 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/09 09:50:58 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/09 09:50:58 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/09 09:50:58 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/07 12:32:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/07 12:31:50 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2005/03/07 12:26:42 | 000,445,938 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/03/07 12:26:42 | 000,072,978 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/03/07 12:22:46 | 000,000,313 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/07 12:22:46 | 000,000,222 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/03/07 12:22:46 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/07 12:18:32 | 000,311,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/07 12:08:02 | 000,201,667 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/07 11:49:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/07 11:47:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/04 14:51:52 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/02/21 14:37:36 | 000,001,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/02/02 19:35:02 | 000,037,774 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/04 17:00:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/11/24 14:05:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2004/10/27 15:47:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2004/09/07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/15 06:01:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2003/11/26 16:10:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2003/11/26 16:10:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 17:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 17:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/07/06 00:19:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

========== LOP Check ==========

[2006/10/06 06:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/01/12 18:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2009/11/20 18:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/16 16:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2011/03/24 00:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/04/03 20:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\webcamXP 5
[2006/10/09 08:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\SlySoft
[2006/10/12 18:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\Opera
[2007/01/24 20:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\Musicmatch
[2008/01/12 18:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\Vso
[2008/04/05 15:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\DeLorme
[2008/10/29 13:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\uTorrent
[2009/11/30 19:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\Unity
[2010/06/24 19:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\SmartDraw
[2010/06/24 19:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\HotSync
[2011/03/21 03:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\Stellarium
[2011/03/24 00:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\TomTom
[2011/04/08 16:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\Foxit Software
[2011/04/12 13:01:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/03/09 09:55:00 | 000,000,076 | RHS- | M] () -- C:\PRELOAD.AAA
[2005/03/07 11:31:20 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004/08/04 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/01/22 05:39:44 | 000,000,353 | RHS- | M] () -- C:\boot.ini
[2005/03/07 11:49:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/03/09 09:51:26 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/03/07 11:49:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/03/07 11:49:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/12 13:00:42 | 1107,296,256 | -HS- | M] () -- C:\pagefile.sys
[2011/04/12 13:00:44 | 736,677,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/26 21:28:16 | 000,000,419 | ---- | M] () -- C:\wepkeys.txt
[2010/11/24 00:11:16 | 000,040,942 | ---- | M] () -- C:\mcdbp.log
[2006/09/05 23:07:48 | 000,000,211 | RHS- | M] () -- C:\BOOT.BKK
[2007/03/13 19:15:50 | 000,000,045 | ---- | M] () -- C:\TEST.XML
[2007/07/16 19:49:10 | 000,000,146 | ---- | M] () -- C:\YServer.txt


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/03 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/03 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 21:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2006/12/24 09:56:48 | 000,096,256 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd7869.sys
[2006/10/06 06:28:28 | 000,664,064 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
[2006/10/06 06:31:00 | 000,223,128 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dtscsi.sys

< %systemroot%\System32\config\*.sav >
[2005/03/07 11:40:12 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2005/03/07 11:40:12 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/03/07 11:40:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\drivers\*.sys /90 >

< %PROGRAMFILES%\*. >
[2005/03/07 11:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/03/07 11:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/03/07 11:46:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/03/07 11:46:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2005/03/07 11:46:24 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2005/03/07 11:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2005/03/07 11:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2005/03/07 11:47:16 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2005/03/07 11:47:38 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/03/07 11:47:40 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2005/03/07 11:47:40 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2005/03/07 11:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2005/03/07 11:48:14 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/03/07 11:50:00 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2005/03/07 11:50:00 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2005/03/07 11:56:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2005/03/07 11:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2005/03/07 12:01:44 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/03/07 12:01:52 | 000,000,000 | ---D | M] -- C:\Program Files\AvRack
[2005/03/07 12:01:58 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek Sound Manager
[2005/03/07 12:07:52 | 000,000,000 | ---D | M] -- C:\Program Files\sisagp
[2005/03/07 12:10:08 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Inc
[2005/03/07 12:10:56 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2005/03/07 12:14:38 | 000,000,000 | ---D | M] -- C:\Program Files\NewTech Infosystems
[2005/03/07 12:19:22 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2005/03/07 12:27:46 | 000,000,000 | ---D | M] -- C:\Program Files\Arcade
[2006/09/05 23:09:16 | 000,000,000 | ---D | M] -- C:\Program Files\SiS VGA Utilities V3.65f
[2006/09/05 23:11:46 | 000,000,000 | ---D | M] -- C:\Program Files\Launch Manager
[2006/10/06 06:06:06 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2006/10/06 06:07:48 | 000,000,000 | ---D | M] -- C:\Program Files\TGTSoft
[2006/10/06 06:19:56 | 000,000,000 | ---D | M] -- C:\Program Files\mobile PhoneTools
[2006/10/06 06:20:12 | 000,000,000 | ---D | M] -- C:\Program Files\LiveUpdate
[2006/10/06 06:31:00 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools
[2006/10/06 06:39:14 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2006/10/06 07:12:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/10/06 07:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2006/10/06 07:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/10/06 07:14:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/10/06 07:14:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2006/10/06 07:20:30 | 000,000,000 | ---D | M] -- C:\Program Files\Street Atlas USA 2004
[2006/10/09 08:11:42 | 000,000,000 | ---D | M] -- C:\Program Files\CloneDVD
[2006/10/09 14:43:58 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2006/10/12 18:38:38 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2006/10/13 10:23:32 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/10/18 17:06:38 | 000,000,000 | ---D | M] -- C:\Program Files\FlashFXP
[2006/11/02 14:15:32 | 000,000,000 | ---D | M] -- C:\Program Files\SlySoft
[2006/11/15 21:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\RealVNC
[2006/12/24 10:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2006/12/24 10:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\hp deskjet 930c series
[2007/01/24 20:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Musicmatch
[2007/01/30 02:30:14 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2007/03/13 19:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2007/12/27 15:43:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/12/27 16:11:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2007/12/27 16:12:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2007/12/27 16:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/12/27 16:16:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/01/12 18:26:34 | 000,000,000 | ---D | M] -- C:\Program Files\1Click DVD Copy Pro
[2008/01/23 19:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/01/24 16:31:34 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2008/10/29 13:40:04 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009/03/12 15:11:42 | 000,000,000 | ---D | M] -- C:\Program Files\Meade
[2009/03/12 15:14:10 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualMoon
[2009/10/11 06:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/05/07 23:25:48 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/06/24 19:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2010
[2010/06/26 21:25:00 | 000,000,000 | ---D | M] -- C:\Program Files\Aspecto Software
[2010/06/26 21:31:36 | 000,000,000 | ---D | M] -- C:\Program Files\AirSnare
[2010/06/26 21:31:42 | 000,000,000 | ---D | M] -- C:\Program Files\WinPcap
[2010/06/26 21:36:28 | 000,000,000 | ---D | M] -- C:\Program Files\CommViewWiFi
[2010/10/15 00:19:10 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/12/16 16:37:14 | 000,000,000 | ---D | M] -- C:\Program Files\SoulseekNS
[2011/03/21 03:37:50 | 000,000,000 | ---D | M] -- C:\Program Files\Stellarium
[2011/03/24 00:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
[2011/03/24 00:46:16 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
[2011/04/03 20:27:18 | 000,000,000 | ---D | M] -- C:\Program Files\wLite
[2011/04/03 22:04:50 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-14 07:00:47

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents >
"OOBETimer" = FF D5 71 D6 8B 6A 8D 6F D5 33 93 FD [binary data]

< End of report >


Extras.txt
OTL Extras logfile created on: 4/15/2011 12:35:41 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Snake\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.00 Mb Total Physical Memory | 202.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.22 Gb Total Space | 1.09 Gb Free Space | 4.17% Space Free | Partition Type: FAT32
Drive D: | 26.71 Gb Total Space | 14.09 Gb Free Space | 52.74% Space Free | Partition Type: FAT32
Drive E: | 914.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ACER-2 | User Name: Snake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\flashfxp.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\FlashFXP\flashfxp.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\wLite\wLite.exe" = C:\Program Files\wLite\wLite.exe:*:Enabled:webcamXP -- (Moonware Studios)
"C:\Program Files\wLite\wService.exe" = C:\Program Files\wLite\wService.exe:*:Enabled:webcamXP Service -- (Moonware Studios)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{236E24F2-D767-406B-B2F0-892D3A0DEA4A}" = USB 2.0 Video Camera
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{738179D8-3D76-4AFF-A7BE-AEF3B4370CB4}" = Opera 9.02
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 2.4.0.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Akamai" = Akamai NetSession Interface
"AnyDVD" = AnyDVD
"Autostar Suite" = Autostar Suite
"Autostar Suite Astronomer Edition" = Autostar Suite Astronomer Edition
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CloneCD" = CloneCD
"CloneDVD.exe_is1" = CloneDVD 3.9
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Envisage Install" = Envisage Install
"FlashFXP v3.17 (Build 1060) Scene Edition" = FlashFXP v3.17 (Build 1060) Scene Edition
"Foxit Reader" = Foxit Reader
"GridVista" = Acer GridVista
"hp deskjet 930c series" = hp deskjet 930c series (Remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker Gold
"InstallShield_{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"LManager" = Launch Manager
"Meade Astronomical Software" = Meade Astronomical Software
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"RealVNC_is1" = VNC Enterprise Edition E4.2.7
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Soulseek2" = SoulSeek 157 NS 13e
"Stellarium_is1" = Stellarium 0.10.6.1
"StyleXP" = StyleXP (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.1.2218
"uTorrent" = µTorrent
"Virtual Moon Altas Image Libraries" = Virtual Moon Altas Image Libraries
"Virtual Moon Atlas" = Virtual Moon Atlas
"VLC media player" = VLC media player 1.1.8
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 3.1 beta4
"WinRAR archiver" = WinRAR archiver
"wLite" = webcamXP Lite
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-754788786-1973002913-4074281658-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SmartDraw 2010" = SmartDraw 2010
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 9/5/2010 1:56:06 PM | Computer Name = ACER-2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 9/7/2010 1:47:13 AM | Computer Name = ACER-2 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/7/2010 1:47:13 AM | Computer Name = ACER-2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 9/7/2010 1:47:13 AM | Computer Name = ACER-2 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/7/2010 1:47:13 AM | Computer Name = ACER-2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 9/7/2010 1:47:13 AM | Computer Name = ACER-2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 9/7/2010 1:47:41 AM | Computer Name = ACER-2 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
the Network Card with network address 0016362F8EC5.

Error - 9/7/2010 2:03:00 AM | Computer Name = ACER-2 | Source = Dhcp | ID = 1002
Description = The IP address lease 76.123.116.240 for the Network Card with network
address 0016362F8EC5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/7/2010 2:07:45 AM | Computer Name = ACER-2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0016362F8EC5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/8/2010 2:32:28 PM | Computer Name = ACER-2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0016362F8EC5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

I am about to run the killer and will post back once it is complete.
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: wolfenstien logs

Unread postby wolfenstien » April 15th, 2011, 1:19 pm

Here is the TDSSKiller log
Code:
2011/04/15 13:13:39.0265 5080	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/15 13:13:39.0593 5080	================================================================================
2011/04/15 13:13:39.0593 5080	SystemInfo:
2011/04/15 13:13:39.0593 5080	
2011/04/15 13:13:39.0593 5080	OS Version: 5.1.2600 ServicePack: 2.0
2011/04/15 13:13:39.0609 5080	Product type: Workstation
2011/04/15 13:13:39.0609 5080	ComputerName: ACER-2
2011/04/15 13:13:39.0609 5080	UserName: Snake
2011/04/15 13:13:39.0609 5080	Windows directory: C:\WINDOWS
2011/04/15 13:13:39.0609 5080	System windows directory: C:\WINDOWS
2011/04/15 13:13:39.0609 5080	Processor architecture: Intel x86
2011/04/15 13:13:39.0609 5080	Number of processors: 1
2011/04/15 13:13:39.0609 5080	Page size: 0x1000
2011/04/15 13:13:39.0609 5080	Boot type: Normal boot
2011/04/15 13:13:39.0609 5080	================================================================================
2011/04/15 13:13:40.0203 5080	Initialize success
2011/04/15 13:14:20.0968 7480	================================================================================
2011/04/15 13:14:20.0968 7480	Scan started
2011/04/15 13:14:20.0968 7480	Mode: Manual; 
2011/04/15 13:14:20.0968 7480	================================================================================
2011/04/15 13:14:21.0843 7480	ACPI            (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/15 13:14:21.0906 7480	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/04/15 13:14:22.0171 7480	aec             (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/04/15 13:14:22.0312 7480	AegisP          (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/15 13:14:22.0453 7480	AFD             (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/04/15 13:14:22.0593 7480	AgereSoftModem  (ceffa3db1657293322e0bdea7d99e754) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/04/15 13:14:23.0171 7480	ALCXWDM         (5dae13401e4d3b8f132bf5867447d661) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/04/15 13:14:23.0531 7480	AmdK8           (a2d5f093f9cb160c183c77015704f156) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/04/15 13:14:23.0765 7480	AnyDVD          (ef832e448aa61e4833844c34cb04b2f1) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/04/15 13:14:24.0281 7480	AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/15 13:14:24.0359 7480	atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/15 13:14:25.0124 7480	Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/15 13:14:25.0765 7480	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/15 13:14:26.0828 7480	BCM43XX         (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/04/15 13:14:26.0984 7480	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/15 13:14:27.0328 7480	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/15 13:14:28.0187 7480	CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/15 13:14:29.0296 7480	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/15 13:14:29.0749 7480	Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/15 13:14:30.0140 7480	Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/15 13:14:31.0984 7480	CmBatt          (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/15 13:14:33.0906 7480	CoachUsb        (fafa3c99864e9df18cb68725bbcf7bca) C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
2011/04/15 13:14:34.0312 7480	CoachVid        (7aefe82c02d4933cee4b7cb78c409845) C:\WINDOWS\system32\DRIVERS\CoachVid.sys
2011/04/15 13:14:34.0406 7480	Compbatt        (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/15 13:14:34.0890 7480	Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/15 13:14:34.0999 7480	DKbFltr         (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\Drivers\DKbFltr.sys
2011/04/15 13:14:35.0140 7480	dmboot          (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/15 13:14:35.0203 7480	dmio            (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/15 13:14:35.0249 7480	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/15 13:14:35.0390 7480	DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/15 13:14:35.0640 7480	drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/15 13:14:35.0765 7480	dtscsi          (6461e57bb51a848aae26f52427b7cf9e) C:\WINDOWS\System32\Drivers\dtscsi.sys
2011/04/15 13:14:35.0765 7480	Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 6461e57bb51a848aae26f52427b7cf9e
2011/04/15 13:14:35.0781 7480	dtscsi - detected Locked file (1)
2011/04/15 13:14:35.0906 7480	ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
2011/04/15 13:14:36.0031 7480	ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/04/15 13:14:36.0140 7480	Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/15 13:14:36.0234 7480	Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/15 13:14:36.0343 7480	Fips            (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/15 13:14:36.0437 7480	Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/15 13:14:36.0546 7480	FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/15 13:14:36.0640 7480	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/15 13:14:36.0703 7480	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/15 13:14:36.0796 7480	gagp30kx        (4216cd545e5c30807b560c5dcaa812e6) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/04/15 13:14:36.0859 7480	Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/15 13:14:36.0999 7480	HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/15 13:14:37.0281 7480	HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/15 13:14:37.0640 7480	i8042prt        (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/15 13:14:37.0718 7480	Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/15 13:14:38.0484 7480	Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/15 13:14:38.0546 7480	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/15 13:14:38.0624 7480	IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/15 13:14:38.0734 7480	IpNat           (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/15 13:14:38.0812 7480	IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/15 13:14:38.0937 7480	IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/15 13:14:38.0999 7480	isapnp          (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/15 13:14:39.0312 7480	Kbdclass        (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/15 13:14:40.0234 7480	kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/15 13:14:41.0171 7480	KSecDD          (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/15 13:14:42.0484 7480	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/15 13:14:42.0843 7480	Modem           (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/15 13:14:43.0453 7480	Mouclass        (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/15 13:14:44.0203 7480	mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/15 13:14:44.0515 7480	MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/15 13:14:46.0359 7480	MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/15 13:14:47.0343 7480	MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/15 13:14:47.0703 7480	Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/15 13:14:48.0390 7480	MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/15 13:14:48.0499 7480	MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/15 13:14:48.0593 7480	MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/15 13:14:48.0687 7480	mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/15 13:14:48.0828 7480	MSTEE           (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/15 13:14:48.0890 7480	Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/15 13:14:49.0015 7480	NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/15 13:14:49.0093 7480	NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/15 13:14:49.0234 7480	NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/15 13:14:49.0296 7480	NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/15 13:14:49.0406 7480	Ndisuio         (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/15 13:14:49.0484 7480	NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/15 13:14:49.0531 7480	NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/15 13:14:49.0593 7480	NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/15 13:14:49.0703 7480	NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/15 13:14:49.0859 7480	nm              (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/04/15 13:14:50.0015 7480	NPF             (05f6be0427ecb1d4f0985217f30f49f2) C:\WINDOWS\system32\drivers\npf.sys
2011/04/15 13:14:50.0078 7480	Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/15 13:14:51.0140 7480	Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/15 13:14:51.0249 7480	NTIDrvr         (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2011/04/15 13:14:51.0312 7480	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/15 13:14:51.0390 7480	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/15 13:14:51.0453 7480	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/15 13:14:51.0546 7480	Parport         (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/04/15 13:14:51.0609 7480	PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/15 13:14:51.0687 7480	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/15 13:14:51.0765 7480	PCI             (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/15 13:14:51.0953 7480	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/15 13:14:52.0031 7480	Pcmcia          (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/04/15 13:14:52.0171 7480	Pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2011/04/15 13:14:53.0062 7480	pfc             (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/04/15 13:14:53.0187 7480	PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/15 13:14:53.0265 7480	PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/15 13:14:53.0296 7480	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/15 13:14:53.0421 7480	PxHelp20        (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/15 13:14:54.0062 7480	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/15 13:14:54.0156 7480	Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/15 13:14:54.0234 7480	RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/15 13:14:54.0265 7480	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/15 13:14:54.0406 7480	Rdbss           (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/15 13:14:54.0453 7480	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/15 13:14:54.0624 7480	RDPWD           (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/15 13:14:54.0906 7480	redbook         (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/15 13:14:55.0953 7480	RimUsb          (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/04/15 13:14:57.0031 7480	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/15 13:14:57.0499 7480	Serial          (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/04/15 13:14:58.0140 7480	Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/15 13:14:59.0906 7480	SiS315          (8b3cdb4b1453b3a2e6e7300aabe50d0e) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/04/15 13:15:00.0499 7480	SISAGP          (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2011/04/15 13:15:01.0203 7480	SiSkp           (87a5176a3762b1341619ce63152c1da9) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/04/15 13:15:01.0828 7480	SISNICXP        (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
2011/04/15 13:15:02.0687 7480	SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/15 13:15:04.0187 7480	splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/15 13:15:04.0343 7480	sptd            (348b9d006751ebae76f006593b397fc5) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/15 13:15:04.0343 7480	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 348b9d006751ebae76f006593b397fc5
2011/04/15 13:15:04.0359 7480	sptd - detected Locked file (1)
2011/04/15 13:15:04.0531 7480	SQ931           (72258cac256d9c3cf0fa6a5eac8fe30c) C:\WINDOWS\system32\Drivers\Capt931a.sys
2011/04/15 13:15:04.0640 7480	sr              (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/15 13:15:04.0796 7480	Srv             (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/15 13:15:04.0937 7480	streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/15 13:15:05.0046 7480	StyleXPHelper   (7e40b43922b2896f40a5930af7489c60) C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe
2011/04/15 13:15:05.0187 7480	swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/15 13:15:05.0328 7480	swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/15 13:15:05.0953 7480	SynTP           (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/04/15 13:15:06.0046 7480	sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/15 13:15:06.0218 7480	Tcpip           (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/15 13:15:06.0343 7480	TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/15 13:15:06.0437 7480	TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/15 13:15:06.0546 7480	TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/15 13:15:06.0843 7480	UBHelper        (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
2011/04/15 13:15:06.0968 7480	Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/15 13:15:07.0187 7480	Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/15 13:15:07.0359 7480	usbaudio        (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/15 13:15:07.0484 7480	usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/15 13:15:07.0578 7480	usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/15 13:15:07.0671 7480	usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/15 13:15:07.0765 7480	usbohci         (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/04/15 13:15:07.0968 7480	usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/15 13:15:08.0109 7480	usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/15 13:15:08.0234 7480	USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/15 13:15:08.0296 7480	VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/15 13:15:08.0499 7480	VolSnap         (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/15 13:15:08.0593 7480	Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/15 13:15:08.0749 7480	WDC_SAM         (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2011/04/15 13:15:09.0093 7480	wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/15 13:15:09.0937 7480	WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/15 13:15:10.0796 7480	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/15 13:15:11.0624 7480	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/15 13:15:12.0140 7480	================================================================================
2011/04/15 13:15:12.0140 7480	Scan finished
2011/04/15 13:15:12.0140 7480	================================================================================
2011/04/15 13:15:12.0218 7464	Detected object count: 2
2011/04/15 13:16:29.0046 7464	Locked file(dtscsi) - User select action: Skip 
2011/04/15 13:16:29.0046 7464	Locked file(sptd) - User select action: Skip 
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: wolfenstien logs

Unread postby Gary R » April 15th, 2011, 6:17 pm

You have evidence of the Gaobot worm on your computer ....

PRC - [2004/08/04 05:00:00 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorered.exe
O20 - HKLM Winlogon: Shell - (explorered.exe) - C:\WINDOWS\explorered.exe (Microsoft Corporation)


However I'd like to get confirmation of this by running an online scan ....

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

QUESTION: Did you add all the startup entries to MSConfig ?
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
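One way to mechanise the check Gary R makes by eye above (a Winlogon Shell value that no longer points at explorer.exe, and the matching lookalike showing up as a running process) is to parse the O20 and PRC lines of an OTL log and compare the Winlogon data against the stock Windows XP defaults. This is an added Python example, not part of the thread or of OTL; the line patterns are assumed from the entries quoted in the post, the sample lines are constructed, and the stock default values are the ones Windows XP ships with.

```python
import re

# Constructed sample OTL lines. The first and third mirror the explorered.exe
# evidence quoted in the post; the second and fourth are constructed clean entries.
SAMPLE_OTL_LINES = [
    "PRC - [2004/08/04 05:00:00 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\explorered.exe",
    "PRC - [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\explorer.exe",
    "O20 - HKLM Winlogon: Shell - (explorered.exe) - C:\\WINDOWS\\explorered.exe (Microsoft Corporation)",
    "O20 - HKLM Winlogon: UserInit - (C:\\WINDOWS\\system32\\userinit.exe,) - C:\\WINDOWS\\system32\\userinit.exe (Microsoft Corporation)",
]

# Stock Windows XP values for the Winlogon entries that decide what runs at logon.
EXPECTED_WINLOGON = {
    "shell": "explorer.exe",
    "userinit": "c:\\windows\\system32\\userinit.exe",
}

# O20 line layout (assumed from the quoted entry):
#   "O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved path> (<company>)"
O20_RE = re.compile(
    r"^O20 - (?P<hive>HK\w+) Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) - "
    r"(?P<path>.+?)(?: \((?P<company>[^()]*)\))?\s*$"
)
# PRC line layout (assumed from the quoted entry):
#   "PRC - [<date | size | attrs | flag>] (<company>) -- <path>"
PRC_RE = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^()]*)\) -- (?P<path>.+?)\s*$")


def _norm(value):
    # Registry data may carry a trailing comma (UserInit does by default);
    # paths on Windows are case-insensitive, so compare lower-cased.
    return value.strip().rstrip(",").strip().lower()


def parse_otl(lines):
    """Split OTL log lines into Winlogon entries (by value name) and running-process paths."""
    winlogon = {}
    processes = set()
    for line in lines:
        m = O20_RE.match(line.strip())
        if m:
            winlogon[m.group("value").lower()] = {
                "hive": m.group("hive"),
                "data": m.group("data"),
                "path": m.group("path"),
                "company": m.group("company") or "",
            }
            continue
        m = PRC_RE.match(line.strip())
        if m:
            processes.add(_norm(m.group("path")))
    return winlogon, processes


def check_winlogon(lines):
    """Return findings for Winlogon values that differ from the stock XP defaults.

    Each finding is (value name, registry data, resolved path, running?). A Shell
    value pointing at a lookalike name such as explorered.exe is exactly the pattern
    flagged in the thread; if the same path also appears as a running process, the
    replacement shell is live rather than merely persisted in the registry.
    """
    winlogon, processes = parse_otl(lines)
    findings = []
    for value, expected in EXPECTED_WINLOGON.items():
        entry = winlogon.get(value)
        if entry is None:
            continue
        if _norm(entry["data"]) != expected:
            running = _norm(entry["path"]) in processes
            findings.append((value, entry["data"], entry["path"], running))
    return findings


if __name__ == "__main__":
    for value, data, path, running in check_winlogon(SAMPLE_OTL_LINES):
        state = "RUNNING" if running else "not running"
        print(f"Winlogon {value} is '{data}' (expected '{EXPECTED_WINLOGON[value]}'): {path} [{state}]")
```

The same comparison applies to the UserInit value, which is why the sample carries a clean one: a hijack there would be reported the same way.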

Re: wolfenstien logs

Unread postby wolfenstien » April 16th, 2011, 3:02 am

I haven't "added" anything to the startup in msconfig, I have unselected things in the startup tab of msconfig to help the laptop boot faster. Plus I hate when things automatically run without me starting them, like the yahoo messenger and such.

Here is the log from ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e892e11c5fce954cb89488a94b11980a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-16 06:58:38
# local_time=2011-04-16 02:58:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=82933
# found=2
# cleaned=0
# scan_time=3741
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP1024\A0074080.exe	probably a variant of Win32/Agent.JKLAKTK trojan (unable to clean)	00000000000000000000000000000000	I
D:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP1024\A0074458.exe	probably a variant of Win32/Agent.BOTQBBQ trojan (unable to clean)	00000000000000000000000000000000	I
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: wolfenstien logs

Unread postby Gary R » April 16th, 2011, 5:59 pm

Please re-select all the items in the startup menu of msconfig. If you don't want them to auto-start, we can fix that permanently once we've got your computer working again.

Your C:\ drive only has 4% free space, which is why your computer is running slowly. Windows needs a minimum of about 20% free disk space, otherwise your processor will have to page out all the time.

Once you've re-enabled all the items in msconfig, run a new scan with OTL using the instructions below.

Download OTL by OldTimer to your Desktop.

Alternative Download

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under the Extra Registry section, select Use SafeList.
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar).
  • Please post me both logs.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
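The OTL scan requested above writes one entry per line in a fixed layout (date, size, attributes, company name in parentheses, path, and for services and drivers a state block and a name). The following is an added example, not part of this thread and not OTL's own code: a small parser for PRC/MOD/SRV/DRV and O4 lines that lists the entries a helper reads first, namely those whose file OTL could not find and those carrying no company name, the same first cut that OTL's "No Company Name Whitelist" option makes. Sample lines are copied from the log format shown in this thread plus one constructed O4 entry.

```python
"""Parse OTL "SafeList" entries (PRC/MOD/SRV/DRV lines and O4 Run keys) and
list those a helper looks at first: entries whose file is gone, and files with
no company name. Added example, not OTL's own code. The flags are review
prompts, not verdicts: plenty of legitimate OEM tools have no company name."""
import re
from dataclasses import dataclass
from typing import List, Optional

# KIND - [date | size | attrs | M] (Company) [state] -- path -- (Name) optional description
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\)"           # empty parens when OTL found no company name
    r"(?: \[(?P<state>[^\]]*)\])?"      # [Auto | Running] etc., services and drivers only
    r" -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"  # service/driver name, optional text after it
)
# Same sections when the registered file no longer exists on disk
MISSING_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - File not found(?: \[(?P<state>[^\]]*)\])?"
    r"\s*--\s*(?P<path>.*?)\s*--\s*\((?P<name>[^)]*)\)$"
)
# O4 autostart: O4 - HKLM..\Run: [ValueName] path (Company)   or   [ValueName] File not found
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
O4_REST_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^)]*)\)$")


@dataclass
class Entry:
    kind: str       # PRC, MOD, SRV, DRV or O4
    name: str       # service/driver/value name, or the file name for PRC/MOD
    path: str       # empty when OTL reported the file missing
    company: str    # "" when OTL found no company name
    present: bool   # False for "File not found"
    state: str = ""  # service/driver state block, or the registry hive for O4


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised OTL line, None for anything else."""
    line = line.rstrip("\r\n")
    m = ENTRY_RE.match(line)
    if m:
        path = m["path"].strip()
        name = m["name"] or path.rsplit("\\", 1)[-1]   # PRC/MOD have no name field
        return Entry(m["kind"], name, path, m["company"].strip(), True, m["state"] or "")
    m = MISSING_RE.match(line)
    if m:
        return Entry(m["kind"], m["name"], m["path"], "", False, m["state"] or "")
    m = O4_RE.match(line)
    if m:
        rest = m["rest"].strip()
        if rest == "File not found":
            return Entry("O4", m["name"], "", "", False, m["hive"])
        r = O4_REST_RE.match(rest)
        if r:
            return Entry("O4", m["name"], r["path"], r["company"].strip(), True, m["hive"])
        return Entry("O4", m["name"], rest, "", True, m["hive"])
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[str]:
    """Findings in the order a helper reads them: dangling entries first,
    then files with no company name."""
    findings = []
    for e in entries:
        if not e.present:
            findings.append(f"MISSING    {e.kind} {e.name}: entry points at a file that is not on disk")
    for e in entries:
        if e.present and not e.company:
            findings.append(f"NO-COMPANY {e.kind} {e.name}: {e.path}")
    return findings


# Sample input: the first seven lines follow the OTL log posted in this thread,
# the last O4 line is constructed (hypothetical SID and path).
SAMPLE_LOG = r"""
PRC - [2011/04/16 20:08:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Snake\Desktop\OTL.exe
PRC - [2007/01/24 14:24:26 | 000,151,552 | ---- | M] () -- C:\WINDOWS\SQ931STI.exe
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/30 15:53:14 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKU\S-1-5-21-0-0-0-1001..\Run: [ExampleTray] C:\Program Files\Example\tray.exe ()
"""

if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```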

Re: wolfenstien logs

Unread postby wolfenstien » April 16th, 2011, 8:17 pm

New OTL log after all start up items have been selected and rebooted.

OTL logfile created on: 4/16/2011 8:09:41 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Snake\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.00 Mb Total Physical Memory | 82.00 Mb Available Physical Memory | 12.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.22 Gb Total Space | 1.04 Gb Free Space | 3.97% Space Free | Partition Type: FAT32
Drive D: | 26.71 Gb Total Space | 14.09 Gb Free Space | 52.74% Space Free | Partition Type: FAT32
Drive E: | 914.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ACER-2 | User Name: Snake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/16 20:08:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Snake\Desktop\OTL.exe
PRC - [2011/04/09 23:58:58 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/24 00:46:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/09 08:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/01/29 17:20:50 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2007/01/24 14:24:26 | 000,151,552 | ---- | M] () -- C:\WINDOWS\SQ931STI.exe
PRC - [2006/11/02 14:20:22 | 000,497,152 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
PRC - [2006/10/16 14:32:40 | 000,848,888 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2006/05/24 14:31:40 | 001,372,160 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
PRC - [2006/05/24 14:31:08 | 000,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PRC - [2006/01/19 11:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
PRC - [2006/01/13 19:36:30 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
PRC - [2005/11/16 16:54:56 | 000,385,024 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/11/08 18:00:40 | 000,128,920 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2005/10/12 15:16:04 | 000,315,392 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005/03/09 18:59:26 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe
PRC - [2005/03/04 13:13:04 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2005/02/23 18:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/01/04 16:52:52 | 000,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2004/10/07 23:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2004/08/14 04:42:20 | 000,036,864 | ---- | M] () -- C:\Program Files\mobile PhoneTools\WatchDog.exe
PRC - [2004/08/04 05:00:00 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorered.exe
PRC - [2004/08/04 05:00:00 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE


========== Modules (SafeList) ==========

MOD - [2011/04/16 20:08:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Snake\Desktop\OTL.exe
MOD - [2006/08/25 10:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/10/07 23:44:16 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/27 16:42:36 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll
MOD - [2004/08/04 05:00:00 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2004/08/04 05:00:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2004/08/04 05:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2004/08/04 05:00:00 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2004/08/04 05:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2004/08/04 05:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/30 15:53:14 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/05/02 17:34:28 | 005,027,328 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files\wLite\wService.exe -- (wxpSvc)
SRV - [2006/10/16 14:32:40 | 000,848,888 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2006/05/24 14:31:08 | 000,372,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - [2004/10/29 15:29:16 | 000,086,016 | ---- | M] (NetGroup - Politecnico di Torino) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


========== Driver Services (SafeList) ==========

DRV - [2009/04/06 19:13:10 | 000,045,344 | ---- | M] (FotoNation Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CoachVid.sys -- (CoachVid)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/08/16 20:45:06 | 000,533,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt931a.sys -- (SQ931)
DRV - [2007/02/15 19:57:06 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/10/20 12:42:42 | 000,020,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/10/06 06:31:00 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/10/06 06:28:28 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005/10/31 17:44:40 | 000,010,880 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2005/03/02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/02/25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/29 15:14:04 | 000,032,000 | ---- | M] (NetGroup - Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004/10/07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/11 01:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 05:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-754788786-1973002913-4074281658-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKU\S-1-5-21-754788786-1973002913-4074281658-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-754788786-1973002913-4074281658-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {55ce2530-61df-4ddc-b287-feae64e70575}:0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/01/23 19:13:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/01/23 19:13:48 | 000,000,000 | ---D | M]

[2009/11/30 19:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Snake\Application Data\Mozilla\Extensions
[2011/03/24 00:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Snake\Application Data\Mozilla\Extensions\home2@tomtom.com
[2008/01/23 19:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Snake\Application Data\Mozilla\Firefox\Profiles\olwtizpe.default\extensions
[2010/02/06 17:30:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Snake\Application Data\Mozilla\Firefox\Profiles\olwtizpe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/25 02:01:58 | 000,000,000 | ---D | M] (RefreshBlocker) -- C:\Documents and Settings\Snake\Application Data\Mozilla\Firefox\Profiles\olwtizpe.default\extensions\{55ce2530-61df-4ddc-b287-feae64e70575}
[2008/01/23 19:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/26 23:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/26 22:59:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (CoTGT_BHO Class) - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll ()
O3 - HKU\S-1-5-21-754788786-1973002913-4074281658-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe ()
O4 - HKU\S-1-5-21-754788786-1973002913-4074281658-1005..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-754788786-1973002913-4074281658-1005..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe ()
O4 - HKU\S-1-5-21-754788786-1973002913-4074281658-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-754788786-1973002913-4074281658-1005..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-754788786-1973002913-4074281658-1005..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-754788786-1973002913-4074281658-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 4143735481 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 4143720075 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorered.exe) - C:\WINDOWS\explorered.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Program Files\TGTSoft\StyleXP\CurrentLogon.EXE) - C:\Program Files\TGTSoft\StyleXP\CurrentLogon.EXE (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Snake\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Snake\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/09 09:51:26 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/03/13 00:30:32 | 085,065,133 | ---- | M] () - D:\AutostarWeb50.EXE -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/16 20:08:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Snake\Desktop\OTL.exe
[2011/04/16 20:04:54 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2011/04/15 22:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/15 22:46:56 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Snake\Desktop\esetsmartinstaller_enu.exe
[2011/04/15 13:13:20 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Snake\Desktop\TDSSKiller.exe
[2011/04/08 16:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\Application Data\Foxit Software
[2011/04/03 22:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\My Documents\Wood Working Plans
[2011/04/03 22:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2011/04/03 22:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/04/03 20:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\webcamXP 5
[2011/04/03 20:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\webcamXP 5
[2011/04/03 20:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\wLite
[2011/03/30 22:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/03/24 00:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/03/24 00:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\My Documents\TomTom
[2011/03/24 00:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\Local Settings\Application Data\TomTom
[2011/03/24 00:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\Application Data\TomTom
[2011/03/24 00:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\Start Menu\Programs\TomTom
[2011/03/24 00:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2011/03/24 00:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2011/03/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Snake\Application Data\Stellarium
[2011/03/21 03:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stellarium
[2011/03/21 03:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Stellarium
[2008/01/12 18:26:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Snake\Application Data\pcouffin.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/16 20:09:50 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/16 20:09:50 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/16 20:08:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Snake\Desktop\OTL.exe
[2011/04/16 20:06:34 | 000,000,494 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011/04/16 20:05:52 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/04/16 20:05:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/16 20:05:02 | 736,677,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/16 19:59:40 | 000,000,353 | RHS- | M] () -- C:\boot.ini
[2011/04/15 22:47:04 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Snake\Desktop\esetsmartinstaller_enu.exe
[2011/04/15 13:12:34 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\tdsskiller.zip
[2011/04/13 22:00:18 | 000,367,183 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\Bed_time_by_l2ayner.jpg
[2011/04/12 12:41:46 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\dds.scr
[2011/04/11 02:30:22 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/08 22:29:12 | 000,008,375 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\attachments_2011_04_08.zip
[2011/04/08 19:29:10 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\old8_footer2.gif
[2011/04/08 19:29:08 | 000,007,451 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\oldies81.jpg
[2011/04/07 02:52:36 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\Snake\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2011/04/06 15:46:28 | 000,189,571 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\lowes waver bird house.pdf
[2011/04/06 11:50:12 | 000,189,569 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\Lowes Waver Form.pdf
[2011/04/03 22:04:54 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Snake\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/04/03 22:04:54 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/04/03 20:57:14 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Snake\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/03 19:43:02 | 000,001,443 | ---- | M] () -- C:\Documents and Settings\Snake\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/03/30 22:23:24 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/03/26 03:12:24 | 003,629,981 | ---- | M] () -- C:\Documents and Settings\Snake\Desktop\LHD45EL_LHD65EL_LHD65EBL.pdf
[2011/03/21 03:38:18 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Stellarium.lnk
[2011/03/20 02:02:40 | 000,002,095 | ---- | M] () -- C:\WINDOWS\AutostarSuite.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/16 19:59:36 | 000,001,421 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
[2011/04/15 13:12:49 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\tdsskiller.zip
[2011/04/13 22:00:15 | 000,367,183 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\Bed_time_by_l2ayner.jpg
[2011/04/12 12:41:54 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\dds.scr
[2011/04/08 22:30:52 | 000,007,451 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\oldies81.jpg
[2011/04/08 22:30:52 | 000,000,914 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\old8_footer2.gif
[2011/04/08 22:29:22 | 000,008,375 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\attachments_2011_04_08.zip
[2011/04/06 15:46:27 | 000,189,571 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\lowes waver bird house.pdf
[2011/04/06 11:50:11 | 000,189,569 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\Lowes Waver Form.pdf
[2011/04/03 22:04:53 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\Snake\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/04/03 22:04:53 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/03/30 22:23:22 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/03/26 03:11:30 | 003,629,981 | ---- | C] () -- C:\Documents and Settings\Snake\Desktop\LHD45EL_LHD65EL_LHD65EBL.pdf
[2011/03/21 03:38:16 | 000,001,540 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Stellarium.lnk
[2010/09/08 23:16:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2010/09/08 23:16:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/03/13 00:10:24 | 000,708,608 | ---- | C] () -- C:\WINDOWS\SQCap.exe
[2009/03/13 00:10:24 | 000,151,552 | ---- | C] () -- C:\WINDOWS\SQ931STI.exe
[2009/03/13 00:10:23 | 000,015,346 | ---- | C] () -- C:\WINDOWS\931TwCfg.INI
[2009/03/13 00:10:22 | 000,533,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\Capt931a.sys
[2009/03/13 00:10:22 | 000,032,256 | ---- | C] () -- C:\WINDOWS\PCCam.exe
[2009/03/13 00:10:22 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\Camd931a.sys
[2009/03/12 16:29:40 | 000,002,095 | ---- | C] () -- C:\WINDOWS\AutostarSuite.ini
[2009/03/12 15:14:48 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/04/05 15:34:09 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SA2004.ini
[2008/01/23 19:14:51 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/12 18:26:40 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Snake\Application Data\ezpinst.exe
[2008/01/12 18:26:40 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Snake\Application Data\pcouffin.cat
[2008/01/12 18:26:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Snake\Application Data\pcouffin.inf
[2007/03/13 19:38:56 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/11/02 14:17:01 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Snake\Application Data\.zreglib
[2006/10/06 08:01:55 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2006/10/06 08:01:44 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FindServ.INI
[2006/10/06 07:15:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/06 06:45:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/06 06:30:59 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/10/06 06:28:27 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7869.sys
[2006/10/06 05:55:44 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Snake\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/05 23:14:54 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006/08/27 20:04:52 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2006/08/27 20:04:52 | 000,002,790 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2005/03/09 09:53:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/09 09:51:52 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/09 09:50:58 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/09 09:50:58 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/09 09:50:58 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/09 09:50:58 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/07 12:32:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/07 12:31:50 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2005/03/07 12:26:42 | 000,445,938 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/03/07 12:26:42 | 000,072,978 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/03/07 12:22:46 | 000,000,313 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/07 12:22:46 | 000,000,222 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/03/07 12:22:46 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/07 12:18:32 | 000,311,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/07 12:08:02 | 000,201,667 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/07 11:49:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/03/07 11:47:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/04 14:51:52 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/02/21 14:37:36 | 000,001,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/02/02 19:35:02 | 000,037,774 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/04 17:00:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/11/24 14:05:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2004/10/27 15:47:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2004/09/07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/15 06:01:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2003/11/26 16:10:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2003/11/26 16:10:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 17:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 17:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/07/06 00:19:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

========== LOP Check ==========

[2006/10/06 06:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/01/12 18:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2009/11/20 18:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/16 16:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2011/03/24 00:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/04/03 20:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\webcamXP 5
[2006/10/09 08:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\SlySoft
[2006/10/12 18:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\Opera
[2007/01/24 20:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\Musicmatch
[2008/01/12 18:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\Vso
[2008/04/05 15:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\DeLorme
[2008/10/29 13:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\uTorrent
[2009/11/30 19:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\Unity
[2010/06/24 19:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\SmartDraw
[2010/06/24 19:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\HotSync
[2011/03/21 03:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\Stellarium
[2011/03/24 00:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\TomTom
[2011/04/08 16:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Snake\Application Data\Foxit Software
[2011/04/16 20:05:52 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



< End of report >
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: wolfenstien logs

Unread postby wolfenstien » April 16th, 2011, 8:41 pm

and here is the extra log

OTL Extras logfile created on: 4/16/2011 8:09:41 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Snake\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.00 Mb Total Physical Memory | 82.00 Mb Available Physical Memory | 12.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.22 Gb Total Space | 1.04 Gb Free Space | 3.97% Space Free | Partition Type: FAT32
Drive D: | 26.71 Gb Total Space | 14.09 Gb Free Space | 52.74% Space Free | Partition Type: FAT32
Drive E: | 914.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ACER-2 | User Name: Snake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\flashfxp.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\FlashFXP\flashfxp.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\wLite\wLite.exe" = C:\Program Files\wLite\wLite.exe:*:Enabled:webcamXP -- (Moonware Studios)
"C:\Program Files\wLite\wService.exe" = C:\Program Files\wLite\wService.exe:*:Enabled:webcamXP Service -- (Moonware Studios)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{236E24F2-D767-406B-B2F0-892D3A0DEA4A}" = USB 2.0 Video Camera
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{738179D8-3D76-4AFF-A7BE-AEF3B4370CB4}" = Opera 9.02
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 2.4.0.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Akamai" = Akamai NetSession Interface
"AnyDVD" = AnyDVD
"Autostar Suite" = Autostar Suite
"Autostar Suite Astronomer Edition" = Autostar Suite Astronomer Edition
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CloneCD" = CloneCD
"CloneDVD.exe_is1" = CloneDVD 3.9
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Envisage Install" = Envisage Install
"ESET Online Scanner" = ESET Online Scanner v3
"FlashFXP v3.17 (Build 1060) Scene Edition" = FlashFXP v3.17 (Build 1060) Scene Edition
"Foxit Reader" = Foxit Reader
"GridVista" = Acer GridVista
"hp deskjet 930c series" = hp deskjet 930c series (Remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker Gold
"InstallShield_{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"LManager" = Launch Manager
"Meade Astronomical Software" = Meade Astronomical Software
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"RealVNC_is1" = VNC Enterprise Edition E4.2.7
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Soulseek2" = SoulSeek 157 NS 13e
"Stellarium_is1" = Stellarium 0.10.6.1
"StyleXP" = StyleXP (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.1.2218
"uTorrent" = µTorrent
"Virtual Moon Altas Image Libraries" = Virtual Moon Altas Image Libraries
"Virtual Moon Atlas" = Virtual Moon Atlas
"VLC media player" = VLC media player 1.1.8
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 3.1 beta4
"WinRAR archiver" = WinRAR archiver
"wLite" = webcamXP Lite
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-754788786-1973002913-4074281658-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SmartDraw 2010" = SmartDraw 2010
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 9/5/2010 1:56:06 PM | Computer Name = ACER-2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 9/7/2010 1:47:13 AM | Computer Name = ACER-2 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/7/2010 1:47:13 AM | Computer Name = ACER-2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 9/7/2010 1:47:13 AM | Computer Name = ACER-2 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/7/2010 1:47:13 AM | Computer Name = ACER-2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 9/7/2010 1:47:13 AM | Computer Name = ACER-2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 9/7/2010 1:47:41 AM | Computer Name = ACER-2 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
the Network Card with network address 0016362F8EC5.

Error - 9/7/2010 2:03:00 AM | Computer Name = ACER-2 | Source = Dhcp | ID = 1002
Description = The IP address lease 76.123.116.240 for the Network Card with network
address 0016362F8EC5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/7/2010 2:07:45 AM | Computer Name = ACER-2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0016362F8EC5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/8/2010 2:32:28 PM | Computer Name = ACER-2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0016362F8EC5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: wolfenstien logs

Unread postby Gary R » April 17th, 2011, 1:48 am


  • Download MGA Diagnostic Tool to your Desktop.
  • Double click MGADiag.exe to launch the programme.
  • Click Continue and let the scan run.
  • When finished it will have created a log.
  • Click Copy.
  • Next open Notepad.
    • Click Start > Run type Notepad click OK.
    • This will open an empty Notepad file.
    • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    • Save the file to your Desktop.
  • Close MGA Diagnostic Tool.
  • Copy/Paste the log in your next reply please.

Next

Download CKScanner to your Desktop.
  • Double click CKScanner.exe to launch it.
  • Click Search For Files.
  • After a couple of minutes a list will appear in the panel to the right.
  • Click Save List To File.
  • A message box will verify the file saved.
  • Close CKScanner.
  • Copy/paste the contents of ckfiles.txt in your next reply please (it will be on your Desktop).
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: wolfenstien logs

Unread postby wolfenstien » April 17th, 2011, 4:08 am

MGA Log:

Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-36J2P-HT3T3-QPMFB
Windows Product Key Hash: +NNF346DA3Rr/gGjXZtwAv8AQuM=
Windows Product ID: 76477-OEM-2111907-00100
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {3530AA7C-2843-4F4F-B97C-E849D4194692}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3530AA7C-2843-4F4F-B97C-E849D4194692}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-QPMFB</PKey><PID>76477-OEM-2111907-00100</PID><PIDType>2</PIDType><SID>S-1-5-21-754788786-1973002913-4074281658</SID><SYSTEM><Manufacturer>Acer, inc.</Manufacturer><Model>Aspire 3000     </Model></SYSTEM><BIOS><Manufacturer>Acer   </Manufacturer><Version>3A32</Version><SMBIOSVersion major="2" minor="31"/><Date>20060220000000.000000+000</Date><SLPBIOS>AcerSystem ,AcerSystem </SLPBIOS></BIOS><HWID>B1C13307018400EC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Acer Inc.</name><model>AcerSystem</model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57507</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>  

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 17EF3:Acer Incorporated
Marker string from OEMBIOS.DAT: AcerSystem ,AcerSystem 

OEM Activation 2.0 Data-->
N/A

wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: wolfenstien logs

Unread postby wolfenstien » April 17th, 2011, 4:18 am

CKFiles Log

Code:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\musicmatch\musicmatch jukebox\crypt.dll
c:\program files\musicmatch\musicmatch update\mmjb\crypt.dll
c:\program files\jasc software inc\paint shop pro 9\bump maps\cracked desert.pspimage
c:\program files\jasc software inc\paint shop pro 9\patterns\cracked paint.pspimage
scanner sequence 3.CA.11
 ----- EOF ----- 
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: wolfenstien logs

Unread postby Gary R » April 17th, 2011, 12:46 pm

Your logs say you are using a cracked/illegal version of Windows.

It is not the policy of this forum to work on computers that do not have a copy of Windows that has been properly validated by Microsoft.

I suggest one of 2 options for you ....
  1. If you believe your copy of Windows is legitimate, contact Microsoft and re-validate it.
  2. Reformat your hard drive and either ....
    1. Install a "paid for" version of Windows.
    2. Use one of the freeware Linux installations.

This topic is now closed.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire