
win32/olmark [Solved]


  • This topic is locked

#1
marina21

    Member

  • 16 posts
I ran system scans and found win32/olmark and win32/kryptik. Four different kryptik files were found, using ESET NOD32 for scanning and virus protection. Now they are in quarantine, but I can't remove them. Every time I scan my PC it shows win32/olmark found, take action to clean, unable. Please help me. I am running Windows XP Service Pack 3. I am not PC educated lol, if I was I wouldn't be here.

Thank you in advance.


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download OTL to your Desktop
  • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    CREATERESTOREPOINT
    %PROGRAMFILES%\*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


#3
marina21

    Member

  • Topic Starter
  • 16 posts
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 179.80 Gb Free Space | 77.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-O3Q7XTM3HM
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/19 11:36:36 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\programi\OTL.exe
PRC - [2009/12/11 14:00:44 | 13,006,104 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/11/16 09:04:30 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 09:03:32 | 02,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/10/26 15:45:38 | 00,843,032 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/02 12:30:28 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/08 05:53:34 | 00,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/02/03 23:41:55 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009/02/03 08:15:18 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2003/06/07 05:32:32 | 00,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2002/10/14 15:03:18 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2002/10/14 15:00:41 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/19 11:36:36 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\programi\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (x10nets)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/12/24 00:32:06 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/11/16 09:12:54 | 00,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 00,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/02 12:30:28 | 00,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/03 23:41:55 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/02/03 21:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/07 16:40:52 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/10/14 15:03:18 | 00,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)


========== Driver Services (SafeList) ==========

DRV - [2009/11/16 09:06:50 | 00,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/11/16 09:03:36 | 00,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 08:56:12 | 00,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/08/05 22:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/17 03:10:00 | 00,297,728 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009/06/10 11:23:04 | 00,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009/06/10 11:23:04 | 00,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009/02/04 02:27:21 | 03,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/09/26 09:53:00 | 00,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/09/26 09:53:00 | 00,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/09/26 09:52:00 | 00,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/09/26 09:52:00 | 00,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/09/26 09:52:00 | 00,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/09/26 09:52:00 | 00,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/13 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/09/05 04:03:00 | 00,049,664 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/08/12 21:56:10 | 00,023,600 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32)
DRV - [2006/03/23 13:28:26 | 04,249,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/22 22:14:37 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/10/05 15:57:08 | 00,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/07/22 11:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 00,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/07 20:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/09/07 18:57:00 | 00,316,152 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2004/08/04 00:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/22 14:27:20 | 00,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 14:01:38 | 00,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/02/05 01:49:56 | 00,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/01/23 09:52:31 | 00,258,044 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II)
DRV - [2003/12/31 11:58:46 | 00,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/11/13 21:17:00 | 01,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/03/31 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/31 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [1996/09/27 09:10:48 | 00,003,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DLPORTIO.sys -- (DLPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1393686759-595018682-376868852-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1393686759-595018682-376868852-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
IE - HKU\S-1-5-21-1393686759-595018682-376868852-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsear.......p;l=zj&o=sb
IE - HKU\S-1-5-21-1393686759-595018682-376868852-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1393686759-595018682-376868852-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1393686759-595018682-376868852-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1393686759-595018682-376868852-1003\S-1-5-21-1393686759-595018682-376868852-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?...?o=20011&l=dis"


FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.4\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2009/12/14 19:32:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.4\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/01/18 00:37:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/01/17 19:37:50 | 00,000,000 | ---D | M]

[2009/03/09 17:28:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/03/09 17:28:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2009/12/17 09:46:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ioj4rka3.default\extensions
[2009/04/11 11:01:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/04/15 18:28:31 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2007/09/29 09:15:42 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1393686759-595018682-376868852-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1393686759-595018682-376868852-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1393686759-595018682-376868852-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1393686759-595018682-376868852-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1393686759-595018682-376868852-1003..\Run: [Pareto_Update] C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1393686759-595018682-376868852-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1393686759-595018682-376868852-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1393686759-595018682-376868852-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1393686759-595018682-376868852-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1393686759-595018682-376868852-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/08/31 12:28:37 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/08/31 12:28:37 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/08/31 12:28:37 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/08/31 12:28:37 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1393686759-595018682-376868852-1003\..Trusted Domains: future-fta.info ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1393686759-595018682-376868852-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1393686759-595018682-376868852-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1393686759-595018682-376868852-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1393686759-595018682-376868852-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0172828C-CB7D-4C10-AF96-0ED9B52DCFDC} http://update.g2gcdn...r/GameOnG2G.cab (GameOnG2GCtrl Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Dream%20Chronicles%20-%20The%20Chosen%20Child/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.7.109.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse...se/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} http://chill.comcast...web.1.0.0.9.cab (CPlayFirstdreamControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://games.bigfish...BGamePlayer.cab (Jolly Bear Games Player)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://www.gamehouse...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Charm%20Tale%202%20-%20Mermaid%20Lagoon/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.game...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.106.1.196 65.106.7.196
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\polsumgr: DllName - sdmngr.dll - C:\WINDOWS\System32\sdmngr.dll (AutoProf®)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/02/04 20:56:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/01/10 17:24:39 | 00,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Metacafe.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeUpdater - hkey= - key= - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AlcWzrd - hkey= - key= - C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
MsConfig - StartUpReg: ATI DeviceDetect - hkey= - key= - C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
MsConfig - StartUpReg: ATI Remote Control - hkey= - key= - C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE (ATI Technologies Inc.)
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: High Definition Audio Property Page Shortcut - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: ProfilerU - hkey= - key= - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: RDFNSAgent - hkey= - key= - C:\Program Files\RegDefense\RDFNSAgent.exe File not found
MsConfig - StartUpReg: RDFNSListener - hkey= - key= - C:\Program Files\RegDefense\RDFNSListener.exe File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SaiMfd - hkey= - key= - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
MsConfig - StartUpReg: Search Protection - hkey= - key= - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig - StartUpReg: Shockwave Updater - hkey= - key= - File not found
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SunKistEM - hkey= - key= - C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: xvlwwurv - hkey= - key= - C:\Documents and Settings\NetworkService\Local Settings\Application Data\skgqhg\yqbbsysguard.exe File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\ffdshow\ffdshow.ax ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (51231838785503232)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/18 00:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\skgqhg
[2010/01/17 21:48:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ESET
[2010/01/17 19:38:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/01/17 19:21:49 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/17 19:21:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/01/17 11:51:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010/01/17 10:40:44 | 00,000,000 | ---D | C] -- C:\Program Files\RegDefense
[2010/01/17 10:26:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
[2010/01/17 09:14:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Tific
[2010/01/17 09:14:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2010/01/17 03:51:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Yahoo
[2010/01/17 03:44:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/17 03:42:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Windows Search
[2010/01/17 03:40:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/01/17 03:40:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/01/17 03:34:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/01/17 03:34:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/01/15 16:59:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/01/11 20:17:21 | 00,024,576 | ---- | C] (Hilgraeve Inc.) -- C:\WINDOWS\System32\hashelex.dll
[2010/01/11 20:17:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\PreviewSoft
[2010/01/11 20:17:13 | 00,000,000 | ---D | C] -- C:\Program Files\HAWin32
[2010/01/11 15:32:47 | 00,000,000 | ---D | C] -- C:\Program Files\Gateway
[2010/01/09 21:32:48 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/01/09 19:53:31 | 00,722,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB40032.DLL
[2010/01/09 19:53:31 | 00,034,816 | ---- | C] (Scientific Software Tools, Inc.) -- C:\WINDOWS\System32\DLPORTIO.dll
[2010/01/09 19:53:31 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Ctl3d32.dll
[2010/01/09 19:53:30 | 00,000,000 | ---D | C] -- C:\Program Files\DLPortIO
[2010/01/04 23:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/01/03 23:40:56 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2010/01/03 23:40:56 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2009/12/31 16:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Slingo Mystery Documents
[2009/12/30 15:05:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\EnchantedCavern
[2009/12/27 22:05:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Awem
[2009/12/22 15:23:03 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/12/22 14:02:48 | 09,409,992 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windows-kb890830-v3.2.exe
[2009/12/22 13:19:36 | 01,146,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2009/12/21 16:20:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2009/12/17 15:58:31 | 00,078,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\AutoFix.exe
[2009/12/11 13:46:03 | 01,884,280 | ---- | C] (W3i, LLC) -- C:\Program Files\ffdshow.exe
[2009/12/09 17:43:53 | 00,207,880 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p59065584_s1_l1.exe
[2009/11/30 12:14:17 | 46,324,304 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSVideoConverter.exe
[2009/10/28 23:59:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/28 01:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/10/28 01:51:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/10/28 00:59:19 | 00,469,736 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB885626-v2-x86-enu.exe
[2009/10/26 11:00:54 | 89,105,136 | ---- | C] (Symantec Corporation) -- C:\Program Files\NAV2010_17.0_Build_136_OEM90_Microsoft.exe
[2009/10/26 10:06:15 | 01,505,704 | ---- | C] (Microsoft Corporation) -- C:\Program Files\SetupOneCare.exe
[2009/08/23 15:14:11 | 01,045,496 | ---- | C] (PC Drivers HeadQuarters ) -- C:\Program Files\driverdetective.exe
[2009/08/23 15:01:06 | 01,346,560 | ---- | C] (Matsushita Electric Industrial Co., Ltd. ) -- C:\Program Files\sdfv2000.exe
[2009/05/26 14:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/04/20 09:32:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/12 11:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/04/03 11:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2009/04/03 11:14:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\COMCASTTOOLBAR
[2009/01/11 09:48:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2008/01/25 10:14:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2007/11/10 20:07:22 | 15,452,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2007/11/09 17:20:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2007/06/23 11:40:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/12/31 00:26:12 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2004/02/04 20:59:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/19 11:23:11 | 00,347,648 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\enod32 quarantine.doc
[2010/01/19 11:17:00 | 00,000,204 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/01/19 11:12:00 | 00,000,204 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/01/19 11:10:46 | 08,912,896 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/01/19 11:00:00 | 00,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\AB1E92F891910E8C.job
[2010/01/19 09:38:34 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DC989DA2-5D4B-4C08-BA1E-3BE4B5A54075}.job
[2010/01/19 09:38:15 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/19 09:35:40 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/19 09:35:10 | 00,000,378 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/19 09:35:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/19 09:34:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/19 09:34:52 | 21,449,76896 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/19 02:50:05 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/19 00:33:00 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/01/19 00:25:21 | 36,108,832 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/01/19 00:25:21 | 00,043,552 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/01/19 00:25:21 | 00,042,740 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/01/19 00:25:21 | 00,005,156 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/01/19 00:06:11 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/18 19:49:16 | 00,003,708 | ---- | M] () -- C:\rollback.ini
[2010/01/18 00:37:39 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/17 18:00:04 | 00,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/01/17 17:14:04 | 00,441,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/17 17:14:04 | 00,071,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/17 17:13:44 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/17 11:35:07 | 03,196,180 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/01/17 10:41:47 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/17 10:41:42 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/17 10:06:58 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/01/17 02:25:00 | 00,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
| M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/14 12:53:01 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\complaint for nfusion.doc
[2010/01/14 11:13:29 | 00,093,200 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/14 10:35:23 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\francis phoneix help.doc
[2010/01/11 20:28:09 | 00,000,502 | -H-- | M] () -- C:\os985612.bin
[2010/01/11 20:28:09 | 00,000,464 | -H-- | M] () -- C:\WINDOWS\System32\ws811164.ocx
[2010/01/11 18:26:03 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\nfusion phoneix fix.doc
[2010/01/11 17:53:41 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/11 17:53:29 | 00,097,792 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\How to Lose 20 lbs.doc
[2010/01/11 15:22:16 | 01,099,758 | ---- | M] () -- C:\Program Files\gtwupd.exe
[2010/01/09 21:49:06 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\nfusion help.doc
[2010/01/08 20:16:41 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/08 19:30:09 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\AVSMediaPlayer.m3u
[2010/01/06 21:48:48 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\phoenix.doc
[2010/01/04 00:23:53 | 00,550,670 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/03 23:57:23 | 00,081,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2009/12/30 02:18:40 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2009/12/26 20:16:37 | 00,081,920 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 14:08:56 | 00,176,640 | ---- | M] () -- C:\Program Files\Malware Removal Starter Kit.doc
[2009/12/22 14:02:50 | 09,409,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\windows-kb890830-v3.2.exe
[2009/12/22 13:19:52 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/12/22 13:19:43 | 01,146,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2009/12/21 20:43:38 | 00,858,421 | ---- | M] () -- C:\Program Files\osiguranje.zip
[2009/12/21 17:26:36 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\phenix new.doc
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/19 11:23:11 | 00,347,648 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\enod32 quarantine.doc
[2010/01/19 00:00:25 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/01/18 00:37:39 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/17 12:19:04 | 36,108,832 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/01/17 12:19:04 | 00,043,552 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/01/17 12:19:04 | 00,042,740 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/01/17 12:19:04 | 00,005,156 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/01/17 12:18:50 | 00,003,708 | ---- | C] () -- C:\rollback.ini
[2010/01/17 10:41:22 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/15 16:38:07 | 00,000,204 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/01/15 16:38:00 | 00,000,204 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/01/14 11:21:45 | 00,037,888 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\complaint for nfusion.doc
[2010/01/14 10:35:23 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\francis phoneix help.doc
[2010/01/11 20:17:34 | 00,000,502 | -H-- | C] () -- C:\os985612.bin
[2010/01/11 20:17:34 | 00,000,464 | -H-- | C] () -- C:\WINDOWS\System32\ws811164.ocx
[2010/01/11 20:17:21 | 00,015,819 | ---- | C] () -- C:\WINDOWS\System32\VSPELLER.HLP
[2010/01/11 18:26:01 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\nfusion phoneix fix.doc
[2010/01/11 17:53:41 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/11 17:53:28 | 00,097,792 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\How to Lose 20 lbs.doc
[2010/01/11 16:40:06 | 21,449,76896 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/11 15:22:13 | 01,099,758 | ---- | C] () -- C:\Program Files\gtwupd.exe
[2010/01/09 21:49:04 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\nfusion help.doc
[2010/01/09 19:53:31 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\DLPORTIO.sys
[2010/01/06 21:48:47 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\phoenix.doc
[2010/01/03 23:08:31 | 00,000,354 | ---- | C] () -- C:\WINDOWS\tasks\Driver Robot.job
[2009/12/22 19:25:49 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/22 19:25:39 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2009/12/22 14:08:54 | 00,176,640 | ---- | C] () -- C:\Program Files\Malware Removal Starter Kit.doc
[2009/12/21 20:43:22 | 00,858,421 | ---- | C] () -- C:\Program Files\osiguranje.zip
[2009/12/21 17:26:35 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\phenix new.doc
[2009/12/16 13:26:44 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/12/16 13:26:44 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/12/16 13:26:44 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/12/16 13:26:44 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/12/14 23:15:26 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AVSMediaPlayer.m3u
[2009/11/09 15:59:24 | 01,231,006 | ---- | C] () -- C:\Program Files\bluecros-ins.zip
[2009/11/03 14:45:31 | 00,247,088 | ---- | C] () -- C:\Program Files\chdata.zip
[2009/10/26 09:44:03 | 05,154,304 | ---- | C] () -- C:\Program Files\WindowsDefender.msi
[2009/08/25 15:06:40 | 00,057,856 | ---- | C] () -- C:\Program Files\Denial letter - Arijela Cosic.doc
[2009/08/23 16:01:00 | 00,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2009/08/18 21:51:10 | 12,589,744 | ---- | C] () -- C:\Program Files\pal_install_a100_r1005.exe
[2009/07/23 18:17:36 | 00,180,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/07/18 00:21:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/04/12 19:55:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2009/03/22 14:44:20 | 00,023,310 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\slot1.mm1
[2008/11/11 09:14:11 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AdobeUpdater.rbt
[2008/04/05 15:00:48 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/04/05 14:59:36 | 00,001,021 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/04/03 18:35:42 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/04/03 18:28:11 | 50,154,448 | ---- | C] () -- C:\Program Files\yahoo_azada_tm6-2.exe
[2007/09/14 09:46:26 | 00,429,792 | ---- | C] () -- C:\Program Files\pansat.zip
[2007/06/23 11:34:53 | 00,001,099 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/12/11 16:27:08 | 00,000,113 | ---- | C] () -- C:\WINDOWS\PINOCHLE.INI
[2006/12/10 19:12:48 | 00,000,423 | ---- | C] () -- C:\WINDOWS\MVPWORD.INI
[2006/12/10 18:46:33 | 00,000,139 | ---- | C] () -- C:\WINDOWS\chmpchss.INI
[2006/12/10 13:47:32 | 00,000,022 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2006/08/12 20:37:52 | 00,000,041 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/06/07 06:34:34 | 00,081,920 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/15 18:40:10 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/14 22:51:11 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/03/19 23:12:29 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/18 17:05:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/03/15 14:28:34 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/03/15 14:18:48 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/15 08:15:19 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2004/07/14 19:09:12 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/07/14 19:09:12 | 00,000,529 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/02/05 21:34:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/28 14:42:06 | 00,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2002/10/14 15:39:18 | 00,000,184 | ---- | C] () -- C:\WINDOWS\System32\lxbbcoin.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/02/04 20:56:59 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/16 14:27:42 | 00,132,576 | ---- | M] () -- C:\avi_log.txt
[2006/03/16 19:49:51 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2004/02/04 20:56:59 | 00,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010/01/19 09:34:52 | 21,449,76896 | -HS- | M] () -- C:\hiberfil.sys
[2004/02/04 20:56:59 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/01/08 23:49:21 | 00,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2004/02/04 21:54:43 | 00,000,863 | -H-- | M] () -- C:\IPH.PH
[2006/03/18 17:25:54 | 00,000,533 | ---- | M] () -- C:\mmcInst.log
[2004/02/04 20:56:59 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/12/17 15:28:27 | 00,100,934 | ---- | M] () -- C:\new_log.html
[2006/03/16 19:46:27 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/13 11:56:29 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/05/03 07:14:27 | 00,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/05/03 07:14:27 | 00,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/01/11 20:28:09 | 00,000,502 | -H-- | M] () -- C:\os985612.bin
[2010/01/19 09:34:50 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys
[2006/04/01 19:58:53 | 00,000,000 | ---- | M] () -- C:\pending.dat
[2009/01/29 18:59:10 | 00,000,204 | ---- | M] () -- C:\Plugins
[2010/01/18 19:49:16 | 00,003,708 | ---- | M] () -- C:\rollback.ini
[2009/01/24 11:03:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/01/24 22:40:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/01/25 12:12:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/01/26 09:06:51 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/02/09 10:04:07 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/02/09 18:33:24 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/02/09 18:39:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/02/10 09:08:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/02/10 13:03:06 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/02/10 16:27:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/02/11 10:25:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/02/11 12:50:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/02/11 13:02:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/03/11 23:22:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/03/11 23:40:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/01/22 09:29:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/01/22 17:19:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/01/23 10:17:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/01/23 16:09:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/01/23 23:23:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/01/24 11:03:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/01/24 22:40:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/01/25 12:12:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/01/26 09:06:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/02/09 10:04:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/02/09 18:33:23 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/02/09 18:39:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/02/10 09:08:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/02/10 13:03:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/02/10 16:27:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/02/11 10:25:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/02/11 12:50:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/02/11 13:02:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/03/11 23:22:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/03/11 23:40:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/01/22 09:29:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/01/22 17:19:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/01/23 10:17:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/01/23 16:09:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/01/23 23:23:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2009/02/19 19:45:37 | 00,000,002 | ---- | M] () -- C:\wizard.txt
[2007/05/07 20:03:26 | 00,000,146 | ---- | M] () -- C:\YServer.txt


< MD5 for: AGP440.SYS >
[2006/03/16 19:44:58 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/13 11:49:28 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/03/16 19:44:58 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/13 11:49:28 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 07:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2006/03/16 19:44:58 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/13 11:49:28 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2003/03/31 07:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2006/03/16 19:44:58 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/13 11:49:28 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/03/31 07:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2002/08/29 04:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/01/19 00:06:11 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/01/19 00:06:11 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0037\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0046\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0051\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0057\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/01/09 21:32:50 | 00,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2007/06/23 11:39:19 | 00,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 5.0 Sprint
[2009/10/16 23:37:50 | 00,000,000 | ---D | M] -- C:\Program Files\ACW
[2009/10/28 00:02:19 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/01/04 17:12:00 | 00,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2004/02/05 02:01:36 | 00,000,000 | ---D | M] -- C:\Program Files\Ahead
[2009/01/17 23:59:40 | 00,000,000 | ---D | M] -- C:\Program Files\AOL Games
[2006/03/15 14:23:43 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Multimedia
[2009/03/03 01:25:48 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/12/17 14:48:02 | 00,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2009/01/08 11:01:00 | 00,000,000 | ---D | M] -- C:\Program Files\AWS
[2009/11/21 13:53:51 | 00,000,000 | ---D | M] -- C:\Program Files\bfgclient
[2007/10/11 12:37:27 | 00,000,000 | ---D | M] -- C:\Program Files\BigFix
[2009/01/08 11:20:32 | 00,000,000 | ---D | M] -- C:\Program Files\BloodTies_at
[2009/11/09 16:00:01 | 00,000,000 | ---D | M] -- C:\Program Files\bluecros-ins
[2009/03/21 11:48:10 | 00,000,000 | ---D | M] -- C:\Program Files\Bytemagsname
[2009/07/13 08:57:35 | 00,000,000 | ---D | M] -- C:\Program Files\CA
[2009/12/17 01:33:54 | 00,000,000 | ---D | M] -- C:\Program Files\Canon
[2009/08/09 22:00:03 | 00,000,000 | ---D | M] -- C:\Program Files\Carbonite
[2009/03/22 16:50:06 | 00,000,000 | ---D | M] -- C:\Program Files\Chill
[2007/11/29 16:49:13 | 00,000,000 | ---D | M] -- C:\Program Files\Comcast Play Games
[2010/01/17 19:11:48 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/02/04 20:55:02 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2004/02/04 12:52:57 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/06/17 09:58:43 | 00,000,000 | ---D | M] -- C:\Program Files\Coupons
[2009/04/23 16:56:36 | 00,000,000 | ---D | M] -- C:\Program Files\Crcle Developement
[2009/12/16 13:26:37 | 00,000,000 | ---D | M] -- C:\Program Files\Cucusoft
[2004/02/04 22:17:23 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2006/05/06 13:19:25 | 00,000,000 | ---D | M] -- C:\Program Files\DIFX
[2004/02/05 20:46:07 | 00,000,000 | ---D | M] -- C:\Program Files\Digital Media Reader
[2009/11/30 17:49:13 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/01/10 23:40:20 | 00,000,000 | ---D | M] -- C:\Program Files\DLPortIO
[2009/12/16 14:37:51 | 00,000,000 | ---D | M] -- C:\Program Files\eGames
[2010/01/19 09:51:00 | 00,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/12/16 14:34:40 | 00,000,000 | ---D | M] -- C:\Program Files\Essentials Codec Pack
[2008/11/10 14:58:53 | 00,000,000 | ---D | M] -- C:\Program Files\F2atv_Forums
[2007/06/23 11:38:42 | 00,000,000 | ---D | M] -- C:\Program Files\FaxTools
[2009/12/16 23:13:41 | 00,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2009/12/16 19:35:42 | 00,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2009/04/14 13:35:47 | 00,000,000 | ---D | M] -- C:\Program Files\G2G
[2009/02/27 08:52:01 | 00,000,000 | ---D | M] -- C:\Program Files\GameHouse
[2010/01/18 23:42:39 | 00,000,000 | ---D | M] -- C:\Program Files\Gateway
[2009/12/22 19:58:25 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/18 22:50:45 | 00,000,000 | ---D | M] -- C:\Program Files\HAWin32
[2009/04/12 22:53:16 | 00,000,000 | ---D | M] -- C:\Program Files\Hidden Mysteries - Buckingham Palace
[2009/12/26 20:16:05 | 00,000,000 | ---D | M] -- C:\Program Files\Incomplete
[2010/01/09 17:25:47 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2004/02/04 21:06:02 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/07/18 00:20:28 | 00,000,000 | ---D | M] -- C:\Program Files\InterActual
[2009/12/09 16:52:27 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/10/15 21:33:31 | 00,000,000 | ---D | M] -- C:\Program Files\iWin Games
[2010/01/18 23:57:17 | 00,000,000 | ---D | M] -- C:\Program Files\iWin.com
[2009/12/11 20:33:52 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2008/12/22 17:59:58 | 00,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/06/17 09:57:36 | 00,000,000 | ---D | M] -- C:\Program Files\JSOFT
[2009/02/25 14:41:22 | 00,000,000 | ---D | M] -- C:\Program Files\Lexmark X74-X75
[2010/01/09 09:31:00 | 00,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2008/12/28 12:21:17 | 00,000,000 | ---D | M] -- C:\Program Files\Logitech
[2009/12/17 00:23:34 | 00,000,000 | ---D | M] -- C:\Program Files\Marvell
[2008/08/13 21:16:04 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/04/23 16:56:35 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2009/11/03 17:58:58 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/10/19 16:46:29 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2004/02/04 20:57:06 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/09/23 22:03:42 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2004/02/04 22:08:58 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! 9
[2009/09/09 19:47:13 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/03/21 11:42:21 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/03 18:03:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2007/10/19 16:46:09 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2004/02/04 22:04:28 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/07/23 17:35:26 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2006/09/24 17:43:54 | 00,000,000 | ---D | M] -- C:\Program Files\mIRC
[2008/08/13 12:01:43 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/04/11 11:01:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2007/10/19 16:43:31 | 00,000,000 | ---D | M] -- C:\Program Files\msaccrt
[2009/04/15 20:56:56 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/09/23 22:03:30 | 00,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/12/22 15:23:03 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/02/04 21:10:44 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
[2004/02/04 20:54:18 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/03/22 17:38:25 | 00,000,000 | ---D | M] -- C:\Program Files\MsnMusic
[2007/08/30 17:45:14 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2006/03/29 11:56:57 | 00,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2009/10/28 00:33:58 | 00,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/08/13 11:58:57 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007/11/24 15:30:22 | 00,000,000 | ---D | M] -- C:\Program Files\Netscape
[2008/10/30 12:35:28 | 00,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2009/03/22 15:52:16 | 00,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2009/12/17 00:44:36 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/12/22 17:59:55 | 00,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2009/08/12 18:24:07 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/08/23 15:02:35 | 00,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2009/01/29 18:59:07 | 00,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/01/18 23:59:37 | 00,000,000 | ---D | M] -- C:\Program Files\ParetoLogic
[2009/10/09 19:27:00 | 00,000,000 | ---D | M] -- C:\Program Files\PlayFirst
[2009/02/14 11:59:16 | 00,000,000 | ---D | M] -- C:\Program Files\PlayPond
[2006/03/15 13:57:35 | 00,000,000 | ---D | M] -- C:\Program Files\Program Shortcuts
[2006/03/28 20:23:46 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/12/17 17:07:12 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2009/10/03 19:42:15 | 00,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2006/03/23 13:30:08 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/03/22 21:39:11 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek AC97
[2009/04/15 20:56:49 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/12/31 19:39:08 | 00,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2009/12/22 19:25:29 | 00,000,000 | ---D | M] -- C:\Program Files\RegCure
[2010/01/18 23:05:59 | 00,000,000 | ---D | M] -- C:\Program Files\RegDefense
[2009/12/01 14:32:10 | 00,000,000 | ---D | M] -- C:\Program Files\Saitek
[2009/11/28 21:56:34 | 00,000,000 | ---D | M] -- C:\Program Files\Sandlot Games
[2007/08/13 19:10:52 | 00,000,000 | ---D | M] -- C:\Program Files\SatFinder
[2008/06/21 14:01:53 | 00,000,000 | ---D | M] -- C:\Program Files\Serif
[2009/06/25 21:34:39 | 00,000,000 | ---D | M] -- C:\Program Files\Shockwave.com
[2008/11/01 10:08:44 | 00,000,000 | ---D | M] -- C:\Program Files\Slingdot
[2008/11/10 17:18:04 | 00,000,000 | ---D | M] -- C:\Program Files\Steam
[2009/01/03 22:41:20 | 00,000,000 | ---D | M] -- C:\Program Files\The Scruffs
[2009/11/28 21:56:26 | 00,000,000 | ---D | M] -- C:\Program Files\Trapped The Abduction
[2006/03/29 11:57:33 | 00,000,000 | ---D | M] -- C:\Program Files\Trillian
[2007/11/17 18:25:23 | 00,000,000 | ---D | M] -- C:\Program Files\TryMedia
[2009/12/16 21:37:32 | 00,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2006/03/15 14:19:29 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2004/02/04 21:54:33 | 00,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/10/26 09:46:10 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/01/17 17:14:06 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/11/03 18:03:50 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/09/23 22:34:19 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2009/03/21 11:38:42 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2006/03/15 14:19:43 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2008/11/11 10:48:27 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/11/11 10:51:11 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/11/13 00:32:02 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/10/27 17:00:41 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2006/03/15 14:08:11 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/04/08 19:04:33 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2007/09/25 11:30:14 | 00,000,000 | -HSD | M] -- C:\Program Files\winupdates
[2006/08/12 20:38:00 | 00,000,000 | ---D | M] -- C:\Program Files\WON
[2004/02/04 20:57:06 | 00,000,000 | ---D | M] -- C:\Program Files\xerox
[2008/12/11 12:36:12 | 00,000,000 | ---D | M] -- C:\Program Files\XoftSpySE
[2008/12/11 11:56:20 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/01/17 02:49:55 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games
[2009/05/11 00:35:17 | 00,000,000 | ---D | M] -- C:\Program Files\Zylom Games

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-19 00:47:34

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB12FF2B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B745EBA5
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9CF7CB5
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94124B85
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58EB307C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53C0A7FF
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FC4A10A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BAE765B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:940ECC98
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AF9CAEB
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEF2A14E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F3F179
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:687D1056
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67518200
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2F483A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0803A95E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02A78DF6
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D53344E0
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C63E7DE2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2520CFF2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1EEB4B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C67AEEBF
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFD53918
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B652B720
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8160BC44
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CA7BED1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61F0C8FB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:314CFB12
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CAF6B12
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F067037
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618BF152
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5856B2C0
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DF79F4B
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5F7BBCF
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C472D998
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:838E3A42
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E546C1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23FA878E
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A36339D
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CD32F3D
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22313216
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7AD9690
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E73C2B7D
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B845F669
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A757EE0B
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:798A3728
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:270A3983
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB3CECA4
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81523426
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FECE50
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:104EF12D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD8531
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37F44C44
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F437A62A
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E89EDC52
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8C96088
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:437B9941
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8470BA
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD9F7E4E
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCD2C50C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B0F9E15
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92D18A5E
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B894C266
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0ED4AC2F
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B042939
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E49D185
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDF08FAF
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8247A199
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73933431
< End of report >

OTL Extras logfile created on: 1/19/2010 11:38:29 AM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Owner\Desktop\programi
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 179.80 Gb Free Space | 77.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-O3Q7XTM3HM
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = NavigatorHTML] -- C:\Program Files\Netscape\Navigator 9\navigator.exe (Netscape)

[HKEY_USERS\S-1-5-21-1393686759-595018682-376868852-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"9420:TCP" = 9420:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"58889:TCP" = 58889:TCP:*:Enabled:Pando Media Booster
"58889:UDP" = 58889:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Documents and Settings\Owner\Desktop\nazifa\Combat Arms EU\CombatArms.exe" = C:\Documents and Settings\Owner\Desktop\nazifa\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Documents and Settings\Owner\Desktop\nazifa\Combat Arms EU\Engine.exe" = C:\Documents and Settings\Owner\Desktop\nazifa\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Documents and Settings\Owner\Desktop\pika bo\Combat Arms EU\CombatArms.exe" = C:\Documents and Settings\Owner\Desktop\pika bo\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Documents and Settings\Owner\Desktop\pika bo\Combat Arms EU\Engine.exe" = C:\Documents and Settings\Owner\Desktop\pika bo\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\Owner\Local Settings\Temp\~osE.tmp\ossproxy.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\~osE.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"c:\WINDOWS\temp\~osA.tmp\ossproxy.exe" = c:\WINDOWS\temp\~osA.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- ()
"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Documents and Settings\Owner\Desktop\nazifa\Combat Arms EU\CombatArms.exe" = C:\Documents and Settings\Owner\Desktop\nazifa\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Documents and Settings\Owner\Desktop\nazifa\Combat Arms EU\Engine.exe" = C:\Documents and Settings\Owner\Desktop\nazifa\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Documents and Settings\Owner\Desktop\pika bo\Combat Arms EU\CombatArms.exe" = C:\Documents and Settings\Owner\Desktop\pika bo\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Documents and Settings\Owner\Desktop\pika bo\Combat Arms EU\Engine.exe" = C:\Documents and Settings\Owner\Desktop\pika bo\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\G2G\G2GDownloader\GameOn\GameOnG2G_Engine.exe" = C:\Program Files\G2G\G2GDownloader\GameOn\GameOnG2G_Engine.exe:*:Enabled:GameOnG2G_Engine -- (IcommJapan Corporation)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe" = C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe:*:Enabled:DriverCure -- (ParetoLogic)
"C:\Program Files\Netscape\Navigator 9\navigator.exe" = C:\Program Files\Netscape\Navigator 9\navigator.exe:*:Enabled:Navigator -- (Netscape)
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS2F.tmp\SymNRT.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS2F.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11051835-560C-9E8F-C9B5-C376F4A46580}" = Catalyst Control Center Graphics Previews Common
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{16D354E4-63D4-B300-AFBC-8D22A94CE6D6}" = ccc-utility
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1af50ad9-fa97-47eb-9c80-36758093c1bb}" = Nero 9 Essentials
"{1C2CD847-D196-079D-E004-C1D82B57E3A7}" = Catalyst Control Center Graphics Full Existing
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATI Remote Wonder 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E9E443-FA8E-095F-CF2A-90A18B0B206B}" = CCC Help English
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3A7FE907-65AE-4D6B-A864-B515C71B078C}" = ATI Decoder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4468EF97-A253-4699-9E1C-88CAE2C6832D}" = ABBYY FineReader 5.0 Sprint
"{448A1BF6-B110-5C4B-2220-30F5ECE6DD83}" = Catalyst Control Center Core Implementation
"{49480197-4A67-4EAB-AD44-001862FCEEB7}" = Saitek SD6 Programming Software 6.6.6.9
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F3C8CEE-89D6-891E-D728-80A8CF0DCB32}" = ccc-core-preinstall
"{52104101-5B37-4685-A7AC-4CF17C97F127}" = ebgcRes
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{53B2D537-21CF-44D5-A03A-0DAF993B5728}" = ebgcSDK
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{654870E9-EF38-D3B3-328C-ABA367163D15}" = Catalyst Control Center Graphics Full New
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6864ABC3-A982-436B-BEF1-5652D6303361}" = ESET NOD32 Antivirus
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115420647}" = 4 Elements
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CD8CCC0-3C5C-DF21-DAC3-D5834E803F1E}" = Catalyst Control Center Graphics Light
"{8DB5FD37-0949-409E-90D2-10C9B0741F3E}" = ebgcRes
"{8F6A89F1-F04A-6FD8-1802-D7D5BAE382E1}" = ccc-core-static
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96777525-630B-4C0C-BE93-FBCC397C548E}" = Policy Maker™ Software Update Client
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet NIC Driver
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3B20D3D-92F9-5EBA-B557-CECA02984F05}" = Catalyst Control Center HydraVision Full
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{F0601E2E-8FB3-1C63-F72D-54EB2F908767}" = Skins
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"2FAAA66D96E998D4E8495C398B395423A4477741" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"5F3B3A7C3F83EA764CEC04ACBB54F122A4B5BE4F" = Windows Driver Package - TiVo (tivoir) USB (08/15/2008 1.0.1.0)
"7-Zip" = 7-Zip 9.10 beta
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"All ATI Software" = ATI - Software Uninstall Utility
"amg-charmtale2mermaidlagoon" = Charm Tale 2 - Mermaid Lagoon
"ATI Display Driver" = ATI Display Driver
"AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1
"AVS Disc Creator_is1" = AVS Disc Creator version 3.5
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.1
"AVS Image Converter_is1" = AVS Image Converter 1.1.1.31 Beta Version
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Photo Editor_is1" = AVS Photo Editor
"AVS TV Recorder_is1" = AVS TV Recorder 2.1.3
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AVSCoverEditor_AVS4YOU_is1" = AVS Cover Editor 1.3.1.96 (AVS4YOU)
"AVSRegistryCleaner_is1" = AVS Registry Cleaner version 1.2
"Azada" = Azada (remove only)
"BFGC" = Big Fish Games Client
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Creation Station Special Edition" = Creation Station Special Edition
"Dream Chronicles 2" = Dream Chronicles 2 (remove only)
"DriverLINX Port I/O Driver" = DriverLINX Port I/O Driver
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow" = ffdshow (remove only)
"GameHouse" = GameHouse
"Hide and Secret 2 Cliffhanger Castle" = Hide and Secret 2 Cliffhanger Castle (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATI Remote Wonder 2.3
"InstallShield_{3A7FE907-65AE-4D6B-A864-B515C71B078C}" = ATI Decoder
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InstallShield_{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center 9.02.2
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InterActual Player" = InterActual Player
"iWinArcade" = iWin Games (remove only)
"Lexmark X74-X75" = Lexmark X74-X75
"Marvell Miniport Driver" = Marvell Miniport Driver
"Max 11" = Max 11
"Max Mix Foto" = Max Mix Foto
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MVP Word Search" = MVP Word Search
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"Netscape Navigator (9.0.0.4)" = Netscape Navigator (9.0.0.4)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"Professor Wilde" = Professor Wilde
"QuickTime" = QuickTime
"Quik 21" = Quik 21
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"RegCure" = RegCure
"RegDefense" = RegDefense
"Satellite Finder 4.0_is1" = Satellite Finder 4.0
"SSSInst" = Screensavers Installer Version 2
"Super Collapse! II" = Super Collapse! II
"Super TextTwist" = Super TextTwist
"Super WHATword?" = Super WHATword?
"Super Wild Wild Words" = Super Wild Wild Words
"System Requirements Lab" = System Requirements Lab
"System Tweaker_is1" = Uniblue System Tweaker
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Games Player Plugin" = Web Games Player Plugin
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1393686759-595018682-376868852-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2010 6:27:51 PM | Computer Name = YOUR-O3Q7XTM3HM | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/17/2010 9:05:44 PM | Computer Name = YOUR-O3Q7XTM3HM | Source = Application Hang | ID = 1002
Description = Hanging application navigator.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/17/2010 9:05:47 PM | Computer Name = YOUR-O3Q7XTM3HM | Source = Application Hang | ID = 1002
Description = Hanging application navigator.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/17/2010 9:05:59 PM | Computer Name = YOUR-O3Q7XTM3HM | Source = Application Hang | ID = 1002
Description = Hanging application navigator.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 1:24:52 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/19/2010 2:15:58 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 2:16:02 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 2:16:03 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2010 2:16:06 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/19/2010 2:16:09 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 1/19/2010 1:23:46 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 1/19/2010 1:26:33 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
following error: %%3

Error - 1/19/2010 1:26:33 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 1/19/2010 1:26:36 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/19/2010 1:26:36 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/19/2010 2:57:35 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 1/19/2010 10:35:19 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
following error: %%3

Error - 1/19/2010 10:35:19 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Service Control Manager | ID = 7023
Description = The SSHNAS service terminated with the following error: %%126

Error - 1/19/2010 10:35:21 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/19/2010 10:35:21 AM | Computer Name = YOUR-O3Q7XTM3HM | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\polsumgr: DllName - sdmngr.dll - C:\WINDOWS\System32\sdmngr.dll (AutoProf®)
    MsConfig - StartUpReg: xvlwwurv - hkey= - key= - C:\Documents and Settings\NetworkService\Local Settings\Application Data\skgqhg\yqbbsysguard.exe File not found
    [2010/01/18 00:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\skgqhg
    [2010/01/11 20:28:09 | 00,000,502 | -H-- | M] () -- C:\os985612.bin
    [2010/01/11 20:28:09 | 00,000,464 | -H-- | M] () -- C:\WINDOWS\System32\ws811164.ocx
    [2010/01/11 15:22:16 | 01,099,758 | ---- | M] () -- C:\Program Files\gtwupd.exe
    [2009/12/21 20:43:22 | 00,858,421 | ---- | C] () -- C:\Program Files\osiguranje.zip
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#5
marina21

    Member

  • Topic Starter
  • Member
  • 16 posts
Look, I ran that program. It froze my PC 3 times, and the fourth time I guess it finished, but it wasn't showing anything. Ugh, I just wasted a whole day with the same problems, just sitting at my PC scanning and still getting nowhere.

Just mad at this point, and I don't want to run this stupid thing again. A whole day, come on, and still the program didn't finish.

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
ok do this then

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#7
marina21

    Member

  • Topic Starter
  • Member
  • 16 posts
I finally did that scan with GMER.
This is the file.

I just need to know what to do next.

Attached file: gmer.txt (3.79KB)

Edited by marina21, 19 January 2010 - 11:24 PM.


#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#9
marina21

    Member

  • Topic Starter
  • Member
  • 16 posts
This is the result from the OTM move:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File C:\WINDOWS\system32\drivers\atapi.sys successfully replaced with C:\WINDOWS\ServicePackFiles\i386\atapi.sys
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: 110509_09-10-31F

User: 220609_09-11-22F

User: 310809_09-08-33F

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 3732 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 5469097 bytes
->Temporary Internet Files folder emptied: 6633766 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53196 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01202010_224329

Files moved on Reboot...

Registry entries deleted on Reboot...

#10
marina21

    Member

  • Topic Starter
  • Member
  • 16 posts
Results of the ComboFix log:

ComboFix 10-01-20.04 - Owner 01/20/2010 23:01:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1550 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\programi\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ZangoSA
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAEULA.mht
c:\documents and settings\Owner\Application Data\Zango
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\winupdates
c:\recycler\S-1-5-21-1652864345-2355026884-3480107626-1003
c:\recycler\S-1-5-21-343818398-1547161642-682003330-1003
c:\recycler\S-1-5-21-3769356267-3688096266-3626373253-1003
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\dllcache\ieframe.dll.mui
c:\windows\system32\Thumbs.db
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 03:43 . 2010-01-21 03:43 -------- d-----w- C:\_OTM
2010-01-19 17:04 . 2010-01-19 17:04 -------- d-----w- C:\_OTL
2010-01-18 02:48 . 2010-01-18 02:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ESET
2010-01-18 00:38 . 2010-01-18 00:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-01-18 00:21 . 2010-01-19 14:51 -------- d-----w- c:\program files\ESET
2010-01-18 00:21 . 2010-01-18 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-01-17 17:19 . 2010-01-19 05:25 43552 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-17 17:19 . 2010-01-19 05:25 36108832 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-17 16:51 . 2010-01-17 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2010-01-17 15:40 . 2010-01-19 04:05 -------- d-----w- c:\program files\RegDefense
2010-01-17 15:26 . 2010-01-17 15:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2010-01-17 14:14 . 2010-01-17 14:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Tific
2010-01-17 14:14 . 2010-01-17 14:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Tific
2010-01-17 08:51 . 2010-01-17 08:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Yahoo
2010-01-17 08:42 . 2010-01-17 08:42 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search
2010-01-17 08:40 . 2010-01-17 08:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-01-17 08:34 . 2010-01-17 08:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-01-15 22:06 . 2010-01-15 22:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-01-15 22:05 . 2010-01-15 22:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Windows Search
2010-01-15 22:05 . 2010-01-15 22:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-01-15 22:00 . 2010-01-15 22:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-12 01:17 . 2009-12-18 17:46 24576 ----a-w- c:\windows\system32\hashelex.dll
2010-01-12 01:17 . 2010-01-12 01:17 -------- d-----w- c:\windows\PreviewSoft
2010-01-12 01:17 . 2010-01-19 03:50 -------- d-----w- c:\program files\HAWin32
2010-01-11 22:53 . 2010-01-11 22:53 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-11 20:32 . 2010-01-19 04:42 -------- d-----w- c:\program files\Gateway
2010-01-10 02:32 . 2010-01-10 02:32 -------- d-----w- c:\program files\7-Zip
2010-01-10 00:53 . 1996-09-27 15:29 34816 ----a-w- c:\windows\system32\DLPORTIO.dll
2010-01-10 00:53 . 1996-09-27 14:10 3584 ----a-w- c:\windows\system32\drivers\DLPORTIO.sys
2010-01-10 00:53 . 1996-08-21 17:13 27136 ----a-w- c:\windows\system32\drivers\Ctl3d32.dll
2010-01-10 00:53 . 1996-01-12 03:00 722192 ----a-w- c:\windows\system32\VB40032.DLL
2010-01-10 00:53 . 2010-01-11 04:40 -------- d-----w- c:\program files\DLPortIO
2010-01-05 04:20 . 2010-01-11 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-01-04 04:40 . 2001-08-18 03:36 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2010-01-04 04:40 . 2001-08-18 03:36 138752 ----a-w- c:\windows\system32\sndvol32.exe
2009-12-30 20:05 . 2009-12-30 20:07 -------- d-----w- c:\documents and settings\Owner\Application Data\EnchantedCavern
2009-12-28 03:05 . 2009-12-28 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Awem
2009-12-22 19:02 . 2009-12-22 19:02 9409992 ----a-w- c:\program files\windows-kb890830-v3.2.exe
2009-12-22 18:19 . 2009-12-22 18:19 1146184 ----a-w- c:\program files\wlsetup-web.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 04:06 . 2009-07-13 17:53 -------- d-----w- c:\program files\iWin Games
2010-01-21 03:44 . 2008-06-07 22:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 03:43 . 2004-02-05 02:06 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-20 05:34 . 2009-12-01 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-01-19 05:25 . 2010-01-17 17:19 5156 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-19 05:25 . 2010-01-17 17:19 42740 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-19 04:59 . 2009-12-01 05:50 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-19 04:59 . 2009-12-01 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-01-19 04:59 . 2009-12-01 05:50 -------- d-----w- c:\program files\ParetoLogic
2010-01-19 04:57 . 2009-02-08 16:16 -------- d-----w- c:\program files\iWin.com
2010-01-18 05:37 . 2006-03-18 20:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-17 22:14 . 2009-10-28 06:50 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-17 18:33 . 2007-09-25 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-17 07:49 . 2007-11-18 18:56 -------- d-----w- c:\program files\Yahoo! Games
2010-01-17 07:44 . 2007-11-13 03:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-15 03:06 . 2006-03-15 19:07 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-14 16:12 . 2009-10-04 00:42 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 17:03 . 2009-01-19 03:07 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-09 22:25 . 2004-02-05 02:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-09 14:31 . 2009-03-09 22:27 -------- d-----w- c:\program files\LimeWire
2009-12-31 23:41 . 2008-12-23 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2009-12-31 22:57 . 2009-01-19 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayPond
2009-12-31 03:33 . 2009-02-08 15:30 -------- d-----w- c:\documents and settings\Owner\Application Data\PlayFirst
2009-12-31 03:33 . 2009-02-08 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-12-28 20:11 . 2009-01-03 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\MonteCristo
2009-12-27 01:16 . 2006-03-28 01:06 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-12-27 01:16 . 2007-06-10 01:14 -------- d-----w- c:\program files\Incomplete
2009-12-24 15:06 . 2009-11-22 06:54 15431895 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\GameManager\GameDB\F5263T1L1\setup_gF5263T1L1_d699725952_l1_s1.exe
2009-12-23 00:58 . 2006-12-31 05:25 -------- d-----w- c:\program files\Google
2009-12-23 00:25 . 2009-12-17 05:09 -------- d-----w- c:\program files\RegCure
2009-12-22 20:42 . 2009-06-08 03:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Paltalk
2009-12-22 19:08 . 2009-12-22 19:08 176640 ----a-w- c:\program files\Malware Removal Starter Kit.doc
2009-12-21 21:20 . 2009-12-21 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2009-12-17 23:31 . 2009-12-17 02:39 -------- d-----w- c:\documents and settings\Owner\Application Data\System Tweaker
2009-12-17 22:07 . 2004-02-05 02:54 -------- d-----w- c:\program files\Real
2009-12-17 20:58 . 2009-12-17 20:58 78160 ----a-w- c:\program files\AutoFix.exe
2009-12-17 20:02 . 2006-03-15 19:28 93200 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-17 19:48 . 2009-03-09 23:55 -------- d-----w- c:\program files\AVS4YOU
2009-12-17 16:40 . 2009-12-01 05:51 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
2009-12-17 06:33 . 2009-06-28 21:52 -------- d-----w- c:\program files\Canon
2009-12-17 05:23 . 2009-12-17 05:23 -------- d-----w- c:\program files\Marvell
2009-12-17 05:09 . 2009-12-17 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-12-17 04:49 . 2009-07-23 02:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2009-12-17 04:13 . 2009-12-17 04:13 -------- d-----w- c:\program files\ffdshow
2009-12-17 03:11 . 2006-03-15 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI MMC
2009-12-17 02:37 . 2009-12-17 02:15 -------- d-----w- c:\program files\Uniblue
2009-12-17 02:15 . 2009-12-17 02:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-12-17 00:35 . 2009-01-08 16:01 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-12-16 19:37 . 2006-12-10 03:03 -------- d-----w- c:\program files\eGames
2009-12-16 19:34 . 2009-12-16 18:34 -------- d-----w- c:\program files\Essentials Codec Pack
2009-12-16 18:59 . 2009-12-16 18:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2009-12-16 18:26 . 2009-12-16 18:26 -------- d-----w- c:\program files\Cucusoft
2009-12-15 00:32 . 2004-02-05 02:54 -------- d-----w- c:\program files\Common Files\Real
2009-12-15 00:31 . 2009-12-15 00:31 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-15 00:31 . 2006-05-31 01:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-15 00:31 . 2006-05-31 01:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-12 01:33 . 2004-02-05 02:55 -------- d-----w- c:\program files\Java
2009-12-11 18:46 . 2009-12-11 18:46 1884280 ----a-w- c:\program files\ffdshow.exe
2009-12-10 22:57 . 2006-10-01 23:28 -------- d--h--r- c:\documents and settings\Owner\Application Data\yahoo!
2009-12-10 01:17 . 2009-02-01 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-12-09 22:43 . 2009-12-09 22:43 207880 ----a-w- c:\program files\bigfishgames_p59065584_s1_l1.exe
2009-12-02 04:04 . 2009-03-09 23:56 -------- d-----w- c:\documents and settings\Owner\Application Data\AVS4YOU
2009-12-01 19:32 . 2009-12-01 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Saitek
2009-12-01 19:32 . 2009-12-01 19:32 -------- d-----w- c:\program files\Saitek
2009-12-01 14:41 . 2009-12-01 14:41 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2009-12-01 06:35 . 2009-12-01 06:35 -------- d-----w- c:\documents and settings\Owner\Application Data\blinkx
2009-11-30 22:49 . 2007-12-20 22:58 -------- d-----w- c:\program files\DivX
2009-11-30 17:40 . 2009-11-30 16:40 46389696 ----a-w- c:\documents and settings\Owner\Application Data\AVS4YOU\AVSUpdateManager\Downloads\AVSVideoConverter.MD5SumIsNotValid.exe
2009-11-30 17:15 . 2009-11-30 17:14 46324304 ----a-w- c:\program files\AVSVideoConverter.exe
2009-11-29 02:56 . 2009-04-12 21:15 -------- d-----w- c:\program files\Sandlot Games
2009-11-29 02:56 . 2009-11-22 20:02 -------- d-----w- c:\program files\Trapped The Abduction
2009-11-22 19:01 . 2009-01-20 20:56 -------- d-----w- c:\documents and settings\Owner\Application Data\blg
2009-11-22 19:01 . 2009-01-20 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2009-11-22 06:26 . 2009-11-22 06:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii
2009-11-22 05:25 . 2009-11-22 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2009-11-21 15:51 . 2004-07-15 00:08 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 02:21 . 2009-11-21 02:21 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_SecretsofGreatArt\IAF.dll
2009-11-16 14:06 . 2009-11-16 14:06 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-11-16 14:03 . 2009-11-16 14:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 13:56 . 2009-11-16 13:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-09 20:59 . 2009-11-09 20:59 1231006 ----a-w- c:\program files\bluecros-ins.zip
2009-11-03 23:04 . 2009-11-03 23:04 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 19:45 . 2009-11-03 19:45 247088 ----a-w- c:\program files\chdata.zip
2009-10-29 07:45 . 2005-10-21 20:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 05:59 . 2009-10-28 05:59 469736 ----a-w- c:\program files\WindowsXP-KB885626-v2-x86-enu.exe
2009-10-26 16:00 . 2009-10-26 16:00 89105136 ----a-w- c:\program files\NAV2010_17.0_Build_136_OEM90_Microsoft.exe
2009-10-26 15:06 . 2009-10-26 15:06 1505704 ----a-w- c:\program files\SetupOneCare.exe
2009-10-26 14:44 . 2009-10-26 14:44 5154304 ----a-w- c:\program files\WindowsDefender.msi
2009-08-25 20:06 . 2009-08-25 20:06 57856 ----a-w- c:\program files\Denial letter - Arijela Cosic.doc
2009-08-23 20:14 . 2009-08-23 20:14 1045496 ----a-w- c:\program files\driverdetective.exe
2009-08-23 20:01 . 2009-08-23 20:01 1346560 ----a-w- c:\program files\sdfv2000.exe
2009-08-19 02:51 . 2009-08-19 02:51 12589744 ----a-w- c:\program files\pal_install_a100_r1005.exe
2008-04-03 23:35 . 2008-04-03 23:35 0 -c--a-w- c:\program files\temp01
2008-04-03 23:28 . 2008-04-03 23:28 50154448 -c--a-w- c:\program files\yahoo_azada_tm6-2.exe
2007-11-11 01:07 . 2007-11-11 01:07 15452536 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2007-09-14 14:46 . 2007-09-14 14:46 429792 ----a-w- c:\program files\pansat.zip
2006-12-31 05:26 . 2006-12-31 05:26 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pareto_Update"="c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe" [2009-01-13 189808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-02-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 21:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
path=
backup=
backupExtension=Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=c:\windows\pss\Metacafe.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Metacafe.lnk]
backup=c:\windows\pss\Metacafe.lnkStartup
backupExtension=Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-11 14:10 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2006-03-23 18:28 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2006-03-23 18:28 2809344 ----a-w- c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
2004-09-23 06:16 69707 ----a-w- c:\program files\ATI Multimedia\main\atidtct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
2004-07-08 18:49 196608 ----a-w- c:\program files\ATI Multimedia\RemCtrl\ATIRW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-11-04 05:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 01:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-10-10 19:46 69632 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfilerU]
2009-06-03 15:49 237568 ----a-w- c:\program files\Saitek\SD6\Software\ProfilerU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-02-05 02:54 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 03:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
2009-06-03 15:49 131072 ----a-w- c:\program files\Saitek\SD6\Software\SaiMfd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-23 18:28 86016 ----a-w- c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-04 03:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-03-11 23:18 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-15 00:31 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\G2G\\G2GDownloader\\GameOn\\GameOnG2G_Engine.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\ParetoLogic\\DriverCure\\DriverCure.exe"=
"c:\\Program Files\\Netscape\\Navigator 9\\navigator.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"58889:TCP"= 58889:TCP:Pando Media Booster
"58889:UDP"= 58889:UDP:Pando Media Booster

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 9:03 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11/16/2009 9:06 AM 96408]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [1/9/2010 7:53 PM 3584]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/16/2009 9:04 AM 735960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/21/2009 11:43 AM 54752]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/2/2009 12:30 PM 78104]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/28/2008 12:23 PM 10384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-01-19 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-01-20 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-01-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-21 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-17 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-01-21 c:\windows\Tasks\User_Feed_Synchronization-{DC989DA2-5D4B-4C08-BA1E-3BE4B5A54075}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm172YYUS&fl=0&ptb=q8adkJROUrurIYSe86wVCA&url=http://www.ask.com/web&q={searchTerms}&l=zj&o=sb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search - http://edits.mywebse...?p=ZQxdm002YYUS
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: future-fta.info\www
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {0172828C-CB7D-4C10-AF96-0ED9B52DCFDC} - hxxp://update.g2gcdn.com/g2g/g2gdownloader/GameOnG2G.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_big-city-adventure-sydney-australia/online/JBGamePlayer.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{8CA5ED52-F3FB-4414-A105-2E3491156990} - c:\program files\iWin Games\iWinGamesHookIE.dll
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-RDFNSAgent - c:\program files\RegDefense\RDFNSAgent.exe
MSConfigStartUp-RDFNSListener - c:\program files\RegDefense\RDFNSListener.exe
AddRemove-RegDefense - c:\program files\RegDefense\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 23:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2010-01-20 23:16:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-21 04:16

Pre-Run: 196,992,892,928 bytes free
Post-Run: 196,946,276,352 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 07F3AEEC5206EB893DFEF10C5B7C6EAF


#11
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    c:\program files\Free Offers from Freeze.com
    c:\program files\temp01
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#12
marina21

  • Topic Starter
  • Member
  • 16 posts
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\program files\Free Offers from Freeze.com folder moved successfully.
c:\program files\temp01 moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: 110509_09-10-31F

User: 220609_09-11-22F

User: 310809_09-08-33F

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 2578 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner
->Temp folder emptied: 294990 bytes
->Temporary Internet Files folder emptied: 21455101 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2726 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 320 bytes

Total Files Cleaned = 21.00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01212010_095512

Files moved on Reboot...

Registry entries deleted on Reboot...

#13
marina21

  • Topic Starter
  • Member
  • 16 posts
I clicked on the link you sent me for Malwarebytes and it does open the site, but I can't find anywhere on the site how to download this program

Never mind, I finally got it. I just had to open like 20 windows to get this from one of the other links from the geekmajor link. It's too complicated even for me to explain lol my god lol

Either way I got it

Edited by marina21, 21 January 2010 - 09:30 AM.


#14
marina21

  • Topic Starter
  • Member
  • 16 posts
Malwarebytes' Anti-Malware 1.44
Database version: 3608
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/21/2010 10:41:22 AM
mbam-log-2010-01-21 (10-41-22).txt

Scan type: Quick Scan
Objects scanned: 135280
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
ok, let's see Kaspersky