View Full Version : Java Wont Install - Malware on my system?
MaximumMayhem
2010-03-13, 11:06
Hi everyone, I have been having a nightmare with Java ever since I can remember. I would be prompted to update and when I do, it states that the application has failed to initialise. Today Youtube no longer works for me and I heard it could be a Flash / Java issue. So I uninstalled Java using Windows Install Clean-Up and got rid of the folder in my Program Files section. Now trying to re-install the damn thing does bupkiss. I get an error stating I need to refresh the browser after attempting to download and install online. I have now tried to install the executable (with the full program and after an hourglass appears periodically I get nothing. Task manager shows that 'distnoted.exe' is there, which never was running before trying to install the executable. Here is my Hijack This log file. Can anyone help?
I cant seem to be able to edit my initial post so here is the Hijack This log repost which is much easier on the eyes. Apologies.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:56 PM, on 13/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Winamp5\winampa.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\UMonit.exe
C:\WINDOWS\system32\GensysAP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Steve\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp5\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [OxigenClientAdmin] "C:\Program Files\Oxigen\bin\Oxigen.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Product Registration.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbit Downloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbit Downloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbit Downloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbit Downloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263212115312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263212104140
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{071461BE-3907-4F14-8EBC-20B6642BBF12}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBCBBF0D-C4F0-465E-949A-D5D935DBA932}: NameServer = 192.231.203.132,192.231.203.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC166A3D-7141-4B7C-AF8D-03AD282B172D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{071461BE-3907-4F14-8EBC-20B6642BBF12}: NameServer = 192.168.0.1
O21 - SSODL: system32 - {66934E72-B2FC-423D-9537-D0B70802B732} - sysprinters.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 9912 bytes
==================
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
IndiGenus
2010-03-14, 01:20
Hello MaximumMayhem and welcome to the forums here at Spybot S&D.
I am seeing one entry that indicates an IRC Bot. Although it looks somewhat disabled it does indicate that you were infected with this at some point. This Malware is known to contain components of a backdoor Trojan.
If this computer is ever used for on-line banking or purchases, I suggest you do the following immediately:
1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
+++++++++++++++++++
Before we do anything with Java let's make sure your PC is clean.
Run OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
+++++++++++++++++++++
Download This file (http://www.gmer.net/download.php). Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.
MaximumMayhem
2010-03-14, 10:37
Hi Indi,
Here is the OTL.txt result from using an OTL quickscan:
OTL logfile created on: 14/03/2010 4:18:24 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 11.77 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 27.95 Gb Total Space | 7.42 Gb Free Space | 26.55% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 2.02 Gb Free Space | 0.68% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVESBIYATCH
Current User Name: Steve
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
PRC - [2010/03/12 14:43:55 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/15 18:06:56 | 010,358,056 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/08/28 19:48:08 | 000,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
PRC - [2009/08/28 19:48:02 | 000,245,288 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/20 10:35:06 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\GensysAP.exe
PRC - [2008/11/20 10:08:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\UMonit.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 11:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/01/16 06:54:54 | 000,037,376 | ---- | M] () -- C:\Program Files\Winamp5\winampa.exe
PRC - [2007/06/23 02:01:36 | 000,887,264 | ---- | M] () -- C:\Program Files\Oxigen\bin\Oxigen.exe
PRC - [2006/06/01 14:47:30 | 000,499,712 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
PRC - [2005/05/17 18:48:32 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 20:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2003/05/23 12:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/03/14 10:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
========== Modules (SafeList) ==========
MOD - [2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/02 02:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/08/04 20:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003/05/23 12:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 15:58:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/13 17:40:46 | 000,000,000 | ---D | M]
[2008/06/24 17:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2007/01/24 20:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\iycum9qa.default\extensions
[2010/03/14 16:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions
[2010/03/13 16:12:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/06/21 16:32:36 | 000,000,000 | ---D | M] (STOP! Hammertime!) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions\{f274730f-db76-4942-97ba-7984ab94f854}
[2007/01/26 16:58:21 | 000,002,392 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\all-music-guide-artist-search.xml
[2009/05/17 03:22:50 | 000,001,127 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\AllGameGuide.xml
[2007/01/26 16:57:50 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\allrecipes.xml
[2010/03/14 16:02:58 | 000,001,412 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\bittorrent.xml
[2006/10/26 02:39:21 | 000,002,214 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\cddball.xml
[2007/01/26 16:56:58 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\coveruniverse.xml
[2007/01/26 16:54:05 | 000,002,338 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ebay.xml
[2007/01/26 16:57:44 | 000,002,388 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ebaycouk.xml
[2009/07/01 22:29:01 | 000,001,157 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\freedict.xml
[2007/01/26 16:58:12 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\gracenote-cddb.xml
[2007/01/26 16:57:32 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\icq-uin-search.xml
[2007/01/26 16:56:45 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\idp-translation.xml
[2008/06/24 21:53:56 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\IMDb.xml
[2007/01/26 16:58:18 | 000,002,370 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ms-knowledge-base.xml
[2007/01/26 16:58:06 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\nslookup.xml
[2007/01/26 16:58:24 | 000,002,332 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\thesaurus.xml
[2007/01/26 16:58:00 | 000,002,340 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\wayback-machine.xml
[2007/01/26 16:53:51 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\whois-service.xml
[2008/06/24 21:53:56 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\wikipedia.xml
[2010/03/14 16:02:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/03 13:12:00 | 000,925,696 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPBOARDS.dll
[2010/03/12 14:44:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 14:44:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 14:44:00 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 14:44:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/03/03 16:37:27 | 000,381,529 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13145 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [OxigenClientAdmin] C:\Program Files\Oxigen\bin\Oxigen.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe File not found
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp5\winampa.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk = C:\Program Files\MagicTune Premium\GammaTray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
O4 - Startup: C:\Documents and Settings\Steve\Start Menu\Programs\Startup\Product Registration.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263212115312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263212104140 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: system32 - {66934E72-B2FC-423D-9537-D0B70802B732} - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 000,000,000 | RH-D | M] - G:\autorun -- [ FAT32 ]
O33 - MountPoints2\{cbf32fe9-abd6-11db-924f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{cbf32fe9-abd6-11db-924f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbf32fe9-abd6-11db-924f-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/01/24 19:00:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (286268160212992)
========== Files/Folders - Created Within 14 Days ==========
[2010/03/14 16:12:21 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/03/14 15:49:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steve\Recent
[2010/03/13 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Boardmaker Saves
[2010/03/13 18:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Boardmaker with SD Pro
[2010/03/13 17:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Alcohol 120%
[2010/03/13 17:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010/03/13 16:45:18 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\HijackThis.exe
[2010/03/13 16:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Downloads
[2010/03/12 19:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\My GOLD
[2010/03/12 16:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/12 16:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/12 15:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/12 15:57:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/11 17:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Dad's Fishing 11-03-2010
[2010/03/07 16:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Polska
[2010/03/05 02:32:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/05 02:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/04 14:39:03 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/03/04 14:39:03 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/03/04 14:39:03 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/03/04 14:39:03 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/03/04 14:39:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/03/04 14:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/03/04 14:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/03/03 16:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Malwarebytes
[2010/03/03 16:38:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/03 16:38:12 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/03 16:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/03 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/03 16:32:48 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve\Desktop\Malware Bytes Setup.exe
[2008/11/25 12:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/06/24 18:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/24 17:59:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/25 00:28:49 | 002,494,367 | ---- | C] (Plaino) -- C:\Program Files\FLVplayer.exe
[2007/01/27 19:06:14 | 005,689,344 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/03/14 16:13:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\fw272e53.exe
[2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/03/14 15:46:16 | 031,981,568 | ---- | M] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2010/03/14 15:00:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/14 14:59:45 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/14 14:59:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/14 14:59:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/13 18:54:59 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\ax_files.xml
[2010/03/13 17:39:15 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/13 16:45:26 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\HijackThis.exe
[2010/03/12 13:25:41 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/08 14:40:49 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/03/04 14:35:01 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/04 14:33:20 | 030,909,992 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\avira_antivir_personal_en.exe
[2010/03/03 16:37:27 | 000,381,529 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/03 16:34:35 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve\Desktop\Malware Bytes Setup.exe
[2010/03/03 16:25:24 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/14 16:13:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\fw272e53.exe
[2010/03/13 17:45:49 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\ax_files.xml
[2010/03/13 17:39:15 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/04 14:23:21 | 030,909,992 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\avira_antivir_personal_en.exe
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/22 21:45:53 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/07/18 09:19:16 | 000,263,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/04/20 12:03:30 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\ceville_console_history.txt
[2009/03/20 00:24:24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ustor.dll
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg7.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg6.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg5.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg4.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg3.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg2.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2009/03/20 00:24:12 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\IconCfg1.ini
[2008/12/13 00:48:16 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Wlf.INI
[2008/11/20 15:35:15 | 000,010,886 | R--- | C] () -- C:\WINDOWS\System32\RdCi1009.dll
[2008/10/24 19:30:32 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/10/24 19:30:32 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/10/13 14:25:55 | 000,000,223 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2008/10/08 19:24:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wldtlk37.ini
[2008/10/07 20:45:26 | 000,000,051 | ---- | C] () -- C:\WINDOWS\tlknw37.ini
[2008/10/07 20:27:47 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/02/07 21:43:17 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/11/26 13:46:14 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2007/11/13 16:32:35 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\PnkBstrK.sys
[2007/10/24 08:47:47 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/10/04 16:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/26 20:34:13 | 000,138,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/07/31 19:36:35 | 000,000,020 | ---- | C] () -- C:\WINDOWS\musicmv.INI
[2007/07/23 19:25:35 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2007/06/26 01:26:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/06/26 01:26:00 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/06/01 19:50:35 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/27 14:47:00 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/05/20 02:09:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/05/19 10:26:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/19 10:26:32 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/05/04 21:03:24 | 000,000,089 | ---- | C] () -- C:\WINDOWS\graphedt.INI
[2007/05/04 17:55:49 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/05/03 16:14:07 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/28 18:04:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/04/28 18:04:26 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/04/28 18:04:26 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/03/20 20:28:07 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/03/05 19:11:55 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2007/03/05 19:11:55 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2007/02/26 20:52:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\fusioncache.dat
[2007/01/27 20:38:42 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/26 16:04:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2007/01/25 20:33:29 | 000,001,390 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2007/01/25 20:33:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2007/01/25 20:33:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2007/01/24 19:41:09 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007/01/24 19:41:02 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
========== LOP Check ==========
[2008/08/18 11:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2009/09/19 14:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/04/18 15:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/10/30 21:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/03 01:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/21 15:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
[2007/06/02 20:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/09/12 16:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/17 16:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/28 17:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Activision
[2007/08/05 01:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\ArtificialStudios
[2007/09/09 17:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Bioshock
[2007/03/21 17:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\CD-LabelPrint
[2009/10/01 16:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\cYo
[2009/07/25 12:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\dBpoweramp
[2007/08/08 16:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\GanymedeNet
[2009/04/01 13:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\id Software
[2010/02/08 00:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Internode
[2008/01/07 19:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Leadertech
[2009/07/10 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\LucasArts
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\NCH Swift Sound
[2008/01/19 16:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Orbit
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Recordpad
[2007/09/16 00:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Softland
[2010/02/19 13:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony
[2008/10/02 16:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony Setup
[2008/09/19 19:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SPORE
[2008/09/04 11:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SPORE Creature Creator
[2007/03/05 15:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SumatraPDF
[2009/08/18 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\System Requirements Lab BETA
[2009/08/28 14:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SystemRequirementsLab
[2008/05/16 15:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Teleca
[2009/09/19 14:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Uniblue
[2008/11/17 19:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Search
[2009/07/22 13:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\XLink Kai
[2009/08/24 19:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\yoclient
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2005/03/14 17:05:08 | 000,091,776 | R--- | M] (NVIDIA Corporation) MD5=52CAB126C3ED5B851FB80EBA0BEA5C4E -- C:\WINDOWS\system32\drivers\nvatabus.sys
< MD5 for: SCECLI.DLL >
[2004/08/04 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
========== Files - Unicode (All) ==========
[2010/02/09 16:38:17 | 000,000,081 | ---- | M] ()(C:\Documents and Settings\Steve\Desktop\Xbox C4 ???????? ???????????????? ???????????.URL) -- C:\Documents and Settings\Steve\Desktop\Xbox C4 ロストプラネット エクストリームコンディション攻略 ターゲットマークの配置.URL
[2010/02/09 16:38:17 | 000,000,081 | ---- | C] ()(C:\Documents and Settings\Steve\Desktop\Xbox C4 ???????? ???????????????? ???????????.URL) -- C:\Documents and Settings\Steve\Desktop\Xbox C4 ロストプラネット エクストリームコンディション攻略 ターゲットマークの配置.URL
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54
< End of report >
MaximumMayhem
2010-03-14, 10:43
Indi, here is the Extras.txt result from using the OTL scan:
OTL Extras logfile created on: 14/03/2010 4:18:24 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 11.77 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 27.95 Gb Total Space | 7.42 Gb Free Space | 26.55% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 2.02 Gb Free Space | 0.68% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVESBIYATCH
Current User Name: Steve
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp5\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp5\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp5\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- File not found
"C:\Program Files\Games\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Games\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- File not found
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- File not found
"C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe:*:Enabled:_aunchPad -- File not found
"C:\Program Files\Games\Battlefield 2\BF2.exe" = C:\Program Files\Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Games\Starship Troopers\Starship Troopers\STGame.exe" = C:\Program Files\Games\Starship Troopers\Starship Troopers\STGame.exe:*:Enabled:Starship Troopers -- File not found
"C:\Program Files\Games\Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe" = C:\Program Files\Games\Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Disabled:SplinterCell4 -- File not found
"C:\Program Files\Orbit Downloader\orbitdm.exe" = C:\Program Files\Orbit Downloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbit Downloader\orbitnet.exe" = C:\Program Files\Orbit Downloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Games\Star Wars Galactic Battlegrounds Saga\Game\battlegrounds_x1.exe" = C:\Program Files\Games\Star Wars Galactic Battlegrounds Saga\Game\battlegrounds_x1.exe:*:Enabled:Star Wars Galactic Battlegrounds: Clone Campaigns -- File not found
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\SteamApps\maximummayhem\team fortress 2\hl2.exe" = C:\Program Files\Steam\SteamApps\maximummayhem\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\Games\Unreal Tournament 3\Binaries\UT3.exe" = C:\Program Files\Games\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- File not found
"C:\Program Files\Steam\SteamApps\maximummayhem\source sdk base\hl2.exe" = C:\Program Files\Steam\SteamApps\maximummayhem\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Games\Star Wars Battlefront II\GameData\battlefrontII.exe" = C:\Program Files\Games\Star Wars Battlefront II\GameData\battlefrontII.exe:*:Enabled:battlefrontII -- File not found
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- File not found
"C:\Program Files\Games\TmNationsForever\TmForever.exe" = C:\Program Files\Games\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- File not found
"C:\Program Files\Games\Test Drive Unlimited\TestDriveUnlimited.exe" = C:\Program Files\Games\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited -- File not found
"C:\Program Files\Java\jre1.6.0_01\bin\java.exe" = C:\Program Files\Java\jre1.6.0_01\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- File not found
"C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- File not found
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe" = C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe:*:Enabled:Media Manager for WALKMAN 1.2 -- (Sony Creative Software Inc.)
"C:\Program Files\Games\Boiling Point\Xenus.exe" = C:\Program Files\Games\Boiling Point\Xenus.exe:*:Disabled:Xenus -- File not found
"C:\Program Files\Games\Iron Man\IronMan.exe" = C:\Program Files\Games\Iron Man\IronMan.exe:*:Disabled:A2M Game Engine -- File not found
"C:\Documents and Settings\Steve\Desktop\SteamStats.exe" = C:\Documents and Settings\Steve\Desktop\SteamStats.exe:*:Enabled:SteamStats -- File not found
"C:\Program Files\XLink Kai\kaiEngine.exe" = C:\Program Files\XLink Kai\kaiEngine.exe:*:Enabled:XLink Kai Evolution 7 Engine -- (http://www.teamxlink.co.uk (Team XLink))
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\ComicZeal Sync\jre\bin\javaw.exe" = C:\Program Files\ComicZeal Sync\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\ComicZeal Sync\ComicZeal Sync.exe" = C:\Program Files\ComicZeal Sync\ComicZeal Sync.exe:*:Enabled:ComicZeal Sync -- ()
"C:\Program Files\Steam\SteamApps\common\left 4 dead 2 demo\left4dead2.exe" = C:\Program Files\Steam\SteamApps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2 -- File not found
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- File not found
"C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe" = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe:*:Enabled:Logitech -- (Logitech, Inc.)
"C:\Program Files\Steam\SteamApps\common\aliens versus predator classic\AvP_Classic.exe" = C:\Program Files\Steam\SteamApps\common\aliens versus predator classic\AvP_Classic.exe:*:Enabled:Aliens versus Predator Classic 2000 -- ()
"C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_Launcher.exe" = C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_Launcher.exe:*:Enabled:Aliens vs Predator -- (Sega Europe Limited)
"C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_DX11.exe" = C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP_DX11.exe:*:Enabled:Aliens vs Predator -- (Sega Europe Limited)
"C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP.exe" = C:\Program Files\Steam\SteamApps\common\aliens vs predator\AvP.exe:*:Enabled:Aliens vs Predator -- (Sega Europe Limited)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6E543B-97E8-41F2-B0DE-61BDB87601CE}" = Motorola Phone Tools
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D00AE6-69DE-4087-A1A9-84ADD10E5530}" = BHA B's Recorder GOLD BASIC 7.13
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11 b+g Wireless LAN - USB
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B25E9FF-7494-4320-8F52-5EDE655B9940}_is1" = ComicZeal Sync 0.9.4.5
"{6F3F58D0-6CE9-4B76-B3C2-9E5BD6323992}" = Quake Live Mozilla Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 0.972
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87C24822-389C-45AA-9E75-0757B8F1A892}" = XLink Kai
"{886F5F1C-9E57-4A91-B5C7-0C7FF0AA8780}" = USB Dual Vibration Joystick
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{9359C1A8-6CC9-4410-961B-E757DC004BEF}" = System Requirements Lab BETA
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFA382-DACD-41AD-82C8-06FCEA966624}" = SanDisk ImageMate
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Boardmaker" = Boardmaker
"BookWorm Deluxe 1.0" = BookWorm Deluxe 1.0
"CanoCraft CS-P 3.7" = Canon CanoCraft CS-P 3.7
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"CANONBJ_Deinstall_CNMCP6d.DLL" = Canon PIXMA iP5000
"CDisplay_is1" = CDisplay 1.8
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2006-12-15
"coverXP" = coverXP (remove only)
"dBpoweramp AAC Encoder" = dBpoweramp AAC Encoder
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"EOS Utility" = Canon Utilities EOS Utility
"FLAC" = FLAC 1.2.1b (remove only)
"Freecorder_1.0" = Freecorder 2.3 (with Skype Call Recording)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Internode Monthly Usage Meter_is1" = Internode Monthly Usage Meter 5.3i
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"motogp-impact 1.0-build.459" = motogp-impact 1.0-build.459
"Movies2iPhone" = Movies2iPhone .74b
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Orbit_is1" = Orbit
"PhotoStudio 2000 Trial" = PhotoStudio 2000 Trial
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Puzzle Quest1.01" = Puzzle Quest
"QuicktimeAlt_is1" = QuickTime Alternative 2.7.0
"RealAlt_is1" = Real Alternative 1.52
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Steam App 10680" = Aliens vs Predator
"Steam App 215" = Source SDK Base
"Steam App 3730" = Aliens versus Predator Classic 2000
"Steam App 440" = Team Fortress 2
"SUPER ©" = SUPER © Version 2007.bld.23 (July 4, 2007)
"Supplemental Installer" = BSF v6 Supplemental Installer
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The One Ring 3D Screensaver_is1" = The One Ring 3D Screensaver 1.0
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VideoLAN VLC media player 0.8.6a
"VTFEdit_is1" = VTFEdit 1.2.1
"WavePad" = WavePad Uninstall
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/01/2010 6:09:03 AM | Computer Name = STEVESBIYATCH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/01/2010 1:52:22 AM | Computer Name = STEVESBIYATCH | Source = Application Hang | ID = 1002
Description = Hanging application steam.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/01/2010 1:52:30 AM | Computer Name = STEVESBIYATCH | Source = Application Hang | ID = 1001
Description = Fault bucket 07601534.
Error - 10/01/2010 12:36:15 PM | Computer Name = STEVESBIYATCH | Source = Application Hang | ID = 1002
Description = Hanging application mum.exe, version 8.1.23.203, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/01/2010 12:36:17 PM | Computer Name = STEVESBIYATCH | Source = Application Hang | ID = 1001
Description = Fault bucket 1586578081.
Error - 13/01/2010 5:22:15 PM | Computer Name = STEVESBIYATCH | Source = Application Hang | ID = 1002
Description = Hanging application mum.exe, version 8.1.23.203, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 25/01/2010 7:47:29 AM | Computer Name = STEVESBIYATCH | Source = Application Hang | ID = 1002
Description = Hanging application iPhone Explorer.exe, version 0.9.7.2, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 13/03/2010 3:47:26 AM | Computer Name = STEVESBIYATCH | Source = MsiInstaller | ID = 10005
Description = Product: Java(TM) SE Runtime Environment 6 Update 1 -- Internal Error
2753. RegUtils
Error - 13/03/2010 3:50:36 AM | Computer Name = STEVESBIYATCH | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 3820 ,Logged: Success: C:\Program Files\Windows Installer Clean
Up\msizap.exe TW! {3248F0A8-6813-11D6-A77B-00B0D0160010}
Error - 13/03/2010 3:51:35 AM | Computer Name = STEVESBIYATCH | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 2416 ,Logged: Failed: C:\Program Files\Windows Installer Clean
Up\msizap.exe TW! {D6D532B2-22E1-43AA-B4B7-34D772314859}
[ System Events ]
Error - 13/03/2010 3:47:35 AM | Computer Name = STEVESBIYATCH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 13/03/2010 3:47:35 AM | Computer Name = STEVESBIYATCH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 13/03/2010 3:47:35 AM | Computer Name = STEVESBIYATCH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 13/03/2010 3:47:35 AM | Computer Name = STEVESBIYATCH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 13/03/2010 3:47:35 AM | Computer Name = STEVESBIYATCH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 13/03/2010 3:47:36 AM | Computer Name = STEVESBIYATCH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 13/03/2010 3:47:36 AM | Computer Name = STEVESBIYATCH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 13/03/2010 3:47:36 AM | Computer Name = STEVESBIYATCH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 13/03/2010 3:47:36 AM | Computer Name = STEVESBIYATCH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 13/03/2010 3:47:36 AM | Computer Name = STEVESBIYATCH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
< End of report >
MaximumMayhem
2010-03-14, 13:17
Indi, finally here is the result from my GMER scan. Thanks so much for looking into this. If it wasnt for helpful people like yourself, the world would be a far more difficult place. I hope this goes some way to finding out why Java will refuse to install on my system due to something nasty lurking beneathe.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-14 19:15:26
Windows 5.1.2600 Service Pack 3
Running: fw272e53.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\fxtiakoc.sys
---- System - GMER 1.0.15 ----
SSDT A3685EC6 ZwCreateKey
SSDT A3685EBC ZwCreateThread
SSDT A3685ECB ZwDeleteKey
SSDT A3685ED5 ZwDeleteValueKey
SSDT spxg.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spxg.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT A3685EDA ZwLoadKey
SSDT spxg.sys ZwOpenKey [0xB7EB50C0]
SSDT A3685EA8 ZwOpenProcess
SSDT A3685EAD ZwOpenThread
SSDT spxg.sys ZwQueryKey [0xB7ECE20A]
SSDT spxg.sys ZwQueryValueKey [0xB7ECE08A]
SSDT A3685EE4 ZwReplaceKey
SSDT A3685EDF ZwRestoreKey
SSDT A3685ED0 ZwSetValueKey
SSDT A3685EB7 ZwTerminateProcess
INT 0x62 ? 8AF8EBF8
INT 0x63 ? 8ABEAF00
INT 0x73 ? 8AF8EBF8
INT 0x82 ? 8AF8EBF8
INT 0x83 ? 8AF8EBF8
INT 0xB4 ? 8ABEAF00
---- Kernel code sections - GMER 1.0.15 ----
? spxg.sys The system cannot find the file specified. !
.sfrelocÿÿÿÿsfsync03unknown last section [0xB80D5000, 0xA20, 0x40000040] C:\WINDOWS\system32\drivers\sfsync03.sys unknown last section [0xB80D5000, 0xA20, 0x40000040]
.text USBPORT.SYS!DllUnload B5DE98AC 5 Bytes JMP 8ABEA4E0
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB4BBB380, 0x550AF5, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA270D300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8408300, 0x1BCE, 0xE8000020]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spxg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spxg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spxg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spxg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spxg.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spxg.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8AF8D1F8
Device \FileSystem\Fastfat \FatCdrom 8AA1D500
Device \FileSystem\Udfs \UdfsCdRom 8AAF2500
Device \FileSystem\Udfs \UdfsDisk 8AAF2500
Device \Driver\USBSTOR \Device\0000008f 8AB01500
Device \Driver\USBSTOR \Device\0000008f sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbohci \Device\USBPDO-0 8ABE6500
Device \Driver\usbehci \Device\USBPDO-1 8AD6E500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AF8F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AF8F1F8
Device \Driver\Cdrom \Device\CdRom0 8AD11470
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AF8F1F8
Device \Driver\USBSTOR \Device\00000090 8AB01500
Device \Driver\USBSTOR \Device\00000090 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 8AAF81F8
Device \Driver\NetBT \Device\NetbiosSmb 8AAF81F8
Device \Driver\nvatabus \Device\00000079 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbohci \Device\USBFDO-0 8ABE6500
Device \Driver\nvatabus \Device\0000007a sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbehci \Device\USBFDO-1 8AD6E500
Device \Driver\nvatabus \Device\NvAta0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8AB231F8
Device \Driver\nvatabus \Device\0000007b sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvatabus \Device\NvAta1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8AB231F8
Device \Driver\nvatabus \Device\NvAta2 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Ftdisk \Device\FtControl 8AF8F1F8
Device \Driver\nvatabus \Device\0000007e sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 8AA1D500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 897C8500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a524cd
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1D 0x45 0xEA 0x35 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060a524cd (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1D 0x45 0xEA 0x35 ...
---- EOF - GMER 1.0.15 ----
MaximumMayhem
2010-03-14, 13:25
For further note, I have had my Steam and Yahoo emails hacked about a week and a half ago and it's the first time something like this has ever happened. I have just contacted my bank and urged them to lock my internet banking account. Thanks for the heads up and I look forward to a solution.
IndiGenus
2010-03-14, 18:39
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Please also post an updated OTL log (there will be no extras log this time) and let me know how it's running.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
MaximumMayhem
2010-03-15, 04:23
Hi Indi, here is the logfile generated from ComboFix:
ComboFix 10-03-14.04 - Steve 15/03/2010 10:08:14.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.3071.2576 [GMT 8:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
c:\documents and settings\Steve\My Documents\ZbThumbnail.info
c:\documents and settings\Steve\new.txt
c:\windows\install.exe
c:\windows\system32\mswinup.exe
c:\windows\system32\tmp10.tmp
c:\windows\system32\winsvcup.exe
c:\windows\system32\winupsvc.exe
.
((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
.
2010-03-14 12:33 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-13 10:08 . 2010-03-13 10:16 -------- d-----w- c:\program files\Boardmaker with SD Pro
2010-03-13 09:41 . 2010-03-13 09:41 -------- d-----w- c:\program files\Alcohol Soft
2010-03-13 09:39 . 2010-03-13 09:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-12 08:00 . 2010-03-12 08:00 -------- d-----w- c:\program files\iPod
2010-03-12 08:00 . 2010-03-12 08:00 -------- d-----w- c:\program files\iTunes
2010-03-12 07:58 . 2010-03-12 07:58 -------- d-----w- c:\program files\QuickTime
2010-03-12 07:39 . 2010-03-12 07:39 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-04 06:39 . 2010-03-08 06:40 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-04 06:39 . 2009-03-30 01:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-04 06:39 . 2009-02-13 03:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-04 06:39 . 2009-02-13 03:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-04 06:39 . 2010-03-04 06:39 -------- d-----w- c:\program files\Avira
2010-03-04 06:39 . 2010-03-04 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-03 08:38 . 2010-03-03 08:38 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2010-03-03 08:38 . 2010-01-07 08:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-03 08:38 . 2010-03-03 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-03 08:38 . 2010-01-07 08:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-03 08:38 . 2010-03-03 08:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-25 11:24 . 2010-02-25 11:24 -------- d-----w- c:\program files\dumps
2010-02-17 07:17 . 2010-02-17 07:17 -------- d-----w- c:\program files\Support Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 10:58 . 2007-07-17 08:00 -------- d-----w- c:\documents and settings\Steve\Application Data\U3
2010-03-13 08:11 . 2009-07-24 14:44 -------- d---a-w- c:\program files\JDownloader 0.6.193
2010-03-12 08:00 . 2009-07-17 08:32 -------- d-----w- c:\program files\Common Files\Apple
2010-03-08 11:18 . 2007-10-26 15:08 -------- d-----w- c:\program files\Steam
2010-03-04 06:36 . 2008-06-24 10:05 -------- d-----w- c:\program files\Avast 4
2010-03-03 08:30 . 2009-03-16 06:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-02 17:31 . 2007-09-15 16:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-02 17:31 . 2008-06-24 09:55 -------- d-----w- c:\program files\SpywareBlaster
2010-02-19 06:22 . 2007-02-11 07:03 -------- d-----w- c:\program files\Games
2010-02-19 05:53 . 2007-05-26 10:41 -------- d-----w- c:\program files\Sony
2010-02-19 05:52 . 2008-10-02 15:49 -------- d-----w- c:\documents and settings\Steve\Application Data\Sony
2010-02-19 05:47 . 2009-11-04 07:29 -------- d-----w- c:\program files\Foobar 2000
2010-02-15 02:59 . 2009-11-15 09:35 152576 ----a-w- c:\documents and settings\Steve\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-15 02:55 . 2009-11-15 09:32 79488 ----a-w- c:\documents and settings\Steve\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-11 06:39 . 2010-02-11 06:39 -------- d-----w- c:\program files\Logitech Touch Mouse Server
2010-02-10 16:17 . 2009-08-28 07:02 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-07 16:48 . 2007-02-28 10:22 -------- d-----w- c:\documents and settings\Steve\Application Data\Internode
2010-02-07 16:48 . 2007-02-28 10:22 -------- d-----w- c:\program files\Internode Usage Meter
2010-01-25 11:03 . 2010-01-25 11:03 -------- d-----w- c:\documents and settings\Steve\Application Data\.BitTornado
2010-01-21 03:36 . 2007-04-22 07:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-11 14:17 . 2010-01-11 14:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 14:17 . 2010-01-11 14:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 14:17 . 2010-01-11 14:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 14:17 . 2010-01-11 14:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 14:17 . 2010-01-11 14:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 14:17 . 2010-01-11 14:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2007-01-24 10:56 343040 ----a-w- c:\windows\system32\mspaint.exe
2007-08-16 00:22 . 2007-12-24 16:28 2494367 ----a-w- c:\program files\FLVplayer.exe
2006-03-20 06:37 . 2007-01-27 11:06 5689344 ----a-w- c:\program files\mplayerc.exe
2006-05-03 09:06 . 2007-09-18 13:00 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-09-18 13:00 31232 --sh--r- c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp5\winampa.exe" [2008-01-15 37376]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-28 76304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"UMonit"="c:\windows\system32\UMonit.exe" [2008-11-20 28672]
"OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe" [2007-06-22 887264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-9 805392]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2007-3-5 155648]
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2009-7-22 499712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-01 18:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Games\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Orbit Downloader\\orbitdm.exe"=
"c:\\Program Files\\Orbit Downloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\pnkbstra.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\maximummayhem\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\XLink Kai\\kaiEngine.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ComicZeal Sync\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\ComicZeal Sync\\ComicZeal Sync.exe"=
"c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens versus predator classic\\AvP_Classic.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator\\AvP_Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator\\AvP_DX11.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator\\AvP.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6/12/2005 11:11 PM 35328]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/03/2010 2:39 PM 108289]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/03/2010 5:39 PM 691696]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [20/03/2009 12:24 AM 12416]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/05/2008 4:49 PM 10976]
S3 pbfilter;pbfilter;c:\documents and settings\Steve\Desktop\Peer Block\pbfilter.sys [11/03/2010 8:48 PM 14424]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [22/07/2009 1:43 PM 36928]
S3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [20/11/2008 3:35 PM 79649]
S3 ZD1211BU(WIFI LINK);WIFI LINK IEEE 802.11 b+g Wireless LAN Driver (USB)(WIFI LINK);c:\windows\system32\drivers\ZD1211BU.sys [26/06/2007 1:26 AM 450560]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbit Downloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbit Downloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbit Downloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbit Downloader\orbitmxt.dll/202
TCP: {071461BE-3907-4F14-8EBC-20B6642BBF12} = 192.168.0.1
TCP: {DBCBBF0D-C4F0-465E-949A-D5D935DBA932} = 192.231.203.132,192.231.203.3
TCP: {DC166A3D-7141-4B7C-AF8D-03AD282B172D} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBOARDS.dll
FF - plugin: c:\program files\VLC Player\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_01\bin\jusched.exe
HKLM-Run-nwiz - nwiz.exe
Notify-AtiExtEvent - (no file)
AddRemove-53F13DB4D9611FD63BE580F06F0729BF236ABE68 - c:\progra~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe
AddRemove-motogp-impact 1.0-build.459 - c:\program files\Java\jre1.6.0_01\bin\javaw.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 10:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\UMonit.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2000478354-484061587-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,ea,6a,f5,54,27,41,5a,15,15,72,22,18,7c,cb,34,6d,13,e3,7f,c3,6b,8c,
43,e7,68,22,e2,d7,bf,a6,c3,ab,7d,32,a3,45,47,d7,a1,da,e6,d7,3a,71,e1,b9,1a,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
[HKEY_USERS\S-1-5-21-2000478354-484061587-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:4e,a3,ff,3d,55,86,c2,77,d1,2c,6f,99,a7,76,c9,f2,1e,d2,81,e6,a0,
b8,9c,d5,a6,f8,46,f1,1f,6f,ec,3e,a2,11,e8,dc,a1,8e,09,7a,36,f5,60,f8,fb,9f,\
"rkeysecu"=hex:a6,42,e4,c8,32,67,5a,f8,2b,1b,a6,23,c0,5e,13,77
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(476)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-03-15 10:14:57
ComboFix-quarantined-files.txt 2010-03-15 02:14
Pre-Run: 12,368,306,176 bytes free
Post-Run: 12,398,276,608 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 15D4AEE25843D93B5371994006451C46
MaximumMayhem
2010-03-15, 04:37
Indi, here is the second result of the OTL scan in OTL.txt form. I have no idea what I am looking for in these results texts, so hopefully he've made great progress. :bigthumb:
OTL logfile created on: 15/03/2010 10:25:26 AM - Run 2
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 11.58 Gb Free Space | 15.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 27.95 Gb Total Space | 7.42 Gb Free Space | 26.55% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVESBIYATCH
Current User Name: Steve
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 11:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2007/06/23 02:01:36 | 000,887,264 | ---- | M] () -- C:\Program Files\Oxigen\bin\Oxigen.exe
PRC - [2005/05/17 18:48:32 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 20:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
========== Modules (SafeList) ==========
MOD - [2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/02 02:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/08/04 20:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003/05/23 12:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 15:58:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/13 17:40:46 | 000,000,000 | ---D | M]
[2008/06/24 17:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2007/01/24 20:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\iycum9qa.default\extensions
[2010/03/14 19:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions
[2010/03/13 16:12:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/06/21 16:32:36 | 000,000,000 | ---D | M] (STOP! Hammertime!) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions\{f274730f-db76-4942-97ba-7984ab94f854}
[2007/01/26 16:58:21 | 000,002,392 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\all-music-guide-artist-search.xml
[2009/05/17 03:22:50 | 000,001,127 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\AllGameGuide.xml
[2007/01/26 16:57:50 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\allrecipes.xml
[2010/03/14 16:02:58 | 000,001,412 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\bittorrent.xml
[2006/10/26 02:39:21 | 000,002,214 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\cddball.xml
[2007/01/26 16:56:58 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\coveruniverse.xml
[2007/01/26 16:54:05 | 000,002,338 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ebay.xml
[2007/01/26 16:57:44 | 000,002,388 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ebaycouk.xml
[2009/07/01 22:29:01 | 000,001,157 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\freedict.xml
[2007/01/26 16:58:12 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\gracenote-cddb.xml
[2007/01/26 16:57:32 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\icq-uin-search.xml
[2007/01/26 16:56:45 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\idp-translation.xml
[2008/06/24 21:53:56 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\IMDb.xml
[2007/01/26 16:58:18 | 000,002,370 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ms-knowledge-base.xml
[2007/01/26 16:58:06 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\nslookup.xml
[2007/01/26 16:58:24 | 000,002,332 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\thesaurus.xml
[2007/01/26 16:58:00 | 000,002,340 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\wayback-machine.xml
[2007/01/26 16:53:51 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\whois-service.xml
[2008/06/24 21:53:56 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\wikipedia.xml
[2010/03/14 19:14:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/03 13:12:00 | 000,925,696 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPBOARDS.dll
[2010/03/12 14:44:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 14:44:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 14:44:00 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 14:44:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/03/03 16:37:27 | 000,381,529 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13145 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OxigenClientAdmin] C:\Program Files\Oxigen\bin\Oxigen.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp5\winampa.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
O4 - Startup: C:\Documents and Settings\Steve\Start Menu\Programs\Startup\Product Registration.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263212115312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263212104140 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/01/24 19:00:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (564968588050432)
========== Files/Folders - Created Within 14 Days ==========
[2010/03/15 10:14:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/15 10:05:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/15 10:00:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/15 10:00:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/15 10:00:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/15 10:00:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/15 10:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/15 09:59:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/14 16:12:21 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/03/14 15:49:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steve\Recent
[2010/03/13 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Boardmaker Saves
[2010/03/13 18:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Boardmaker with SD Pro
[2010/03/13 17:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Alcohol 120%
[2010/03/13 17:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010/03/13 17:39:15 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/13 16:45:18 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\HijackThis.exe
[2010/03/13 16:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Downloads
[2010/03/12 19:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\My GOLD
[2010/03/12 16:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/12 16:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/12 15:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/12 15:57:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/11 20:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Peer Block
[2010/03/11 17:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Dad's Fishing 11-03-2010
[2010/03/07 16:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Polska
[2010/03/05 02:32:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/05 02:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/04 14:39:03 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/03/04 14:39:03 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/03/04 14:39:03 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/03/04 14:39:03 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/03/04 14:39:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/03/04 14:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/03/04 14:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/03/03 16:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Malwarebytes
[2010/03/03 16:38:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/03 16:38:12 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/03 16:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/03 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/03 16:32:48 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve\Desktop\Malware Bytes Setup.exe
[2008/11/25 12:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/06/24 18:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/24 17:59:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/25 00:28:49 | 002,494,367 | ---- | C] (Plaino) -- C:\Program Files\FLVplayer.exe
[2007/01/27 19:06:14 | 005,689,344 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/03/15 10:14:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/15 10:12:31 | 000,000,292 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/15 10:05:17 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/03/15 10:01:43 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/15 10:00:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/15 10:00:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/15 09:59:30 | 031,981,568 | ---- | M] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2010/03/15 09:34:23 | 003,889,756 | R--- | M] () -- C:\Documents and Settings\Steve\Desktop\ComboFix.exe
[2010/03/14 16:13:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\fw272e53.exe
[2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/03/13 18:54:59 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\ax_files.xml
[2010/03/13 17:39:15 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/13 16:45:26 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\HijackThis.exe
[2010/03/12 13:25:41 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/11 20:44:35 | 000,820,166 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\PeerBlock_r181__Win32_Release.zip
[2010/03/08 14:40:49 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/03/04 14:35:01 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/04 14:33:20 | 030,909,992 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\avira_antivir_personal_en.exe
[2010/03/03 16:37:27 | 000,381,529 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/03 16:34:35 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve\Desktop\Malware Bytes Setup.exe
[2010/03/03 16:25:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/15 10:05:17 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/03/15 10:05:14 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/15 10:00:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/15 10:00:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/15 10:00:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/15 10:00:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/15 10:00:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/15 09:33:10 | 003,889,756 | R--- | C] () -- C:\Documents and Settings\Steve\Desktop\ComboFix.exe
[2010/03/14 16:13:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\fw272e53.exe
[2010/03/13 17:45:49 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\ax_files.xml
[2010/03/11 20:44:21 | 000,820,166 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\PeerBlock_r181__Win32_Release.zip
[2010/03/04 14:23:21 | 030,909,992 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\avira_antivir_personal_en.exe
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/22 21:45:53 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/07/18 09:19:16 | 000,263,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/04/20 12:03:30 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\ceville_console_history.txt
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg7.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg6.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg5.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg4.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg3.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg2.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2009/03/20 00:24:12 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\IconCfg1.ini
[2008/12/13 00:48:16 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Wlf.INI
[2008/11/20 15:35:15 | 000,010,886 | R--- | C] () -- C:\WINDOWS\System32\RdCi1009.dll
[2008/10/24 19:30:32 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/10/24 19:30:32 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/10/13 14:25:55 | 000,000,223 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2008/10/08 19:24:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wldtlk37.ini
[2008/10/07 20:45:26 | 000,000,051 | ---- | C] () -- C:\WINDOWS\tlknw37.ini
[2008/10/07 20:27:47 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/02/07 21:43:17 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/11/26 13:46:14 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2007/11/13 16:32:35 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\PnkBstrK.sys
[2007/10/24 08:47:47 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/10/04 16:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/26 20:34:13 | 000,138,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/07/31 19:36:35 | 000,000,020 | ---- | C] () -- C:\WINDOWS\musicmv.INI
[2007/07/23 19:25:35 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2007/06/26 01:26:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/06/26 01:26:00 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/06/01 19:50:35 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/27 14:47:00 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/05/20 02:09:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/05/19 10:26:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/19 10:26:32 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/05/04 21:03:24 | 000,000,089 | ---- | C] () -- C:\WINDOWS\graphedt.INI
[2007/05/04 17:55:49 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/05/03 16:14:07 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/28 18:04:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/04/28 18:04:26 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/04/28 18:04:26 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/03/20 20:28:07 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/03/05 19:11:55 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2007/03/05 19:11:55 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2007/02/26 20:52:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\fusioncache.dat
[2007/01/27 20:38:42 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/26 16:04:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2007/01/25 20:33:29 | 000,001,390 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2007/01/25 20:33:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2007/01/25 20:33:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2007/01/24 19:41:09 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007/01/24 19:41:02 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
========== LOP Check ==========
[2008/08/18 11:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2009/09/19 14:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/04/18 15:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/10/30 21:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/03 01:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/21 15:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
[2007/06/02 20:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/09/12 16:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/17 16:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/28 17:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Activision
[2007/08/05 01:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\ArtificialStudios
[2007/09/09 17:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Bioshock
[2009/10/01 04:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\bitolithic
[2007/03/21 17:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\CD-LabelPrint
[2009/10/01 16:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\cYo
[2009/07/25 12:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\dBpoweramp
[2007/08/08 16:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\GanymedeNet
[2009/04/01 13:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\id Software
[2010/02/08 00:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Internode
[2008/01/07 19:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Leadertech
[2009/07/10 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\LucasArts
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\NCH Swift Sound
[2008/01/19 16:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Orbit
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Recordpad
[2007/09/16 00:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Softland
[2010/02/19 13:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony
[2008/10/02 16:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony Setup
[2008/09/19 19:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SPORE
[2008/09/04 11:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SPORE Creature Creator
[2007/03/05 15:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SumatraPDF
[2009/08/18 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\System Requirements Lab BETA
[2009/08/28 14:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SystemRequirementsLab
[2008/05/16 15:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Teleca
[2009/09/19 14:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Uniblue
[2008/11/17 19:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Search
[2009/07/22 13:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\XLink Kai
[2009/08/24 19:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\yoclient
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2005/03/14 17:05:08 | 000,091,776 | R--- | M] (NVIDIA Corporation) MD5=52CAB126C3ED5B851FB80EBA0BEA5C4E -- C:\WINDOWS\system32\drivers\nvatabus.sys
< MD5 for: SCECLI.DLL >
[2004/08/04 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
========== Files - Unicode (All) ==========
[2010/02/09 16:38:17 | 000,000,081 | ---- | M] ()(C:\Documents and Settings\Steve\Desktop\Xbox C4 ???????? ???????????????? ???????????.URL) -- C:\Documents and Settings\Steve\Desktop\Xbox C4 ロストプラネット エクストリームコンディション攻略 ターゲットマークの配置.URL
[2010/02/09 16:38:17 | 000,000,081 | ---- | C] ()(C:\Documents and Settings\Steve\Desktop\Xbox C4 ???????? ???????????????? ???????????.URL) -- C:\Documents and Settings\Steve\Desktop\Xbox C4 ロストプラネット エクストリームコンディション攻略 ターゲットマークの配置.URL
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54
< End of report >
IndiGenus
2010-03-15, 04:40
Indi, here is the second result of the OTL scan in OTL.txt form. I have no idea what I am looking for in these results texts, so hopefully he've made great progress. :bigthumb:
That's what I'm here for....:bigthumb:
While I'm looking them over give me an update on how it's running.
MaximumMayhem
2010-03-15, 05:50
To be honest, up until the time my Steam and Yahoo account were compromised, I could detect no real change in the behaviour or speed of my system.
MaximumMayhem
2010-03-15, 09:18
You know what Indi? Come to think of it, applications seem to be loading alot quicker. I do see a difference here. Perhaps I got used to how much slower it used to be. Outlook Express for example, opens in the blink of an eye. Already an improvement here! :rockon:
IndiGenus
2010-03-15, 15:08
You're looking pretty good. I noticed you have MalwareBytes installed. I would suggest you do a quick system scan with it, making sure it's up to date. Post the log if anything is found.
Go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
MaximumMayhem
2010-03-15, 16:55
Hi Indi,
Im relieved to hear that my system now looks clean for the most part. Unfortunately, I am unable to use Kaspersky Online Scan due to the Java problem. The site requires Java to operate properly. How can we rectify this issue? Is it a registry problem? I am assuming that there must be some sort of corruption on my system preventing Java from being able to function correctly.
:scratch:
IndiGenus
2010-03-15, 17:21
Hi Indi,
Im relieved to hear that my system now looks clean for the most part. Unfortunately, I am unable to use Kaspersky Online Scan due to the Java problem. The site requires Java to operate properly. How can we rectify this issue? Is it a registry problem? I am assuming that there must be some sort of corruption on my system preventing Java from being able to function correctly.
:scratch:
Argghhhh.....I knew that (sort of) :oops:
Let's see if we can get it installed. I'd like to try JavaRa first.
Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder
Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Let me know how you make out. Have you tried any 3rd party uninstallers on it yet?
MaximumMayhem
2010-03-15, 21:17
Hi Indi,
I ran JavaRa and at first I got an error when trying to remove my older Java installation. Tried it again and low and behold, it stated that it had completed the task. The log file is quite long so let me know if you'd like to see it at any stage.
Unfortunately, after downloading via Sun, I double click the JRE .exe and nothing happens at all. Strangely enough; in my Control Panel, the Java icon still shows up and when I double click it I get an error window popping up that says, "The system cannot find the registry key specified: HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01"
To answer your question, no - I havent used any other third party uninstallers to try and clean out Java apart from Windows Install Clean Up which hasnt done such a great job by the looks of things. Java does not show up in the Add/Remove Programs section either.
What are my options besides reformatting the darn thing?
:sad:
PS: So if the MalwareByes scan comes up clean, is it safe to use electronic banking etc again?
IndiGenus
2010-03-15, 22:16
Hi Indi,
I ran JavaRa and at first I got an error when trying to remove my older Java installation. Tried it again and low and behold, it stated that it had completed the task. The log file is quite long so let me know if you'd like to see it at any stage.
Unfortunately, after downloading via Sun, I double click the JRE .exe and nothing happens at all. Strangely enough; in my Control Panel, the Java icon still shows up and when I double click it I get an error window popping up that says, "The system cannot find the registry key specified: HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01"
To answer your question, no - I havent used any other third party uninstallers to try and clean out Java apart from Windows Install Clean Up which hasnt done such a great job by the looks of things. Java does not show up in the Add/Remove Programs section either.
What are my options besides reformatting the darn thing?
:sad:
PS: So if the MalwareByes scan comes up clean, is it safe to use electronic banking etc again?
I'll start with your last question. I am pretty confident that you are clean from any active infection. I usually advise an online scan or 2 for traces.
As far as 3rd party uninstallers go, I would suggest trying Revo Uninstaller (http://www.revouninstaller.com/). I've had good luck with it in the past myself and have recommended it on the forums many times with good success. They have a fully functional 30 day trial you can try out. Let me know how it goes.
MaximumMayhem
2010-03-16, 06:07
Hi Indi,
I have installed Revo, but unfortunately Java is not showing up. I suppose a format will be in order. Would it be quite possible that my registry is corrupted somehow in that sense?
Thanks for your help all the same. I have lousy luck with computers. The most important part was making sure the system is clean.
:thanks:
IndiGenus
2010-03-16, 13:44
Hi Indi,
I have installed Revo, but unfortunately Java is not showing up. I suppose a format will be in order. Would it be quite possible that my registry is corrupted somehow in that sense?
Thanks for your help all the same. I have lousy luck with computers. The most important part was making sure the system is clean.
:thanks:
It's obviously up to you, but I wouldn't go straight to a full reformat yet, just because of Java issues. You're not having any other issues other than removing and installing Java?
Let me do a little research on this.
In the meantime, we can run the Kaspersky AVP tool, which doesn't require it.
Please click here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to download AVP Tool by Kaspersky.
Save it to your desktop.
Reboot your computer into SafeMode.
You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter.
Double click the setup file to run it.
Click Next to continue.
It will by default install it to your desktop folder.Click Next.
Hit ok at the prompt for scanning in Safe Mode.
It will then open a box There will be a tab that says Automatic scan.
Under Automatic scan make sure these are checked.
System Memory
Startup Objects
Disk Boot Sectors.
My Computer.
Also any other drives (Removable that you may have)
After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.
Then click on Scan at the to right hand Corner.
It will automatically Neutralize any objects found.
If some objects are left un-neutralized then click the button that says Neutralize all
If it says it cannot be Neutralized then chooose The delete option when prompted.
After that is done click on the reports button at the bottom and save it to file name it Kas.
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.
MaximumMayhem
2010-03-17, 23:28
Hi Indi,
I did a scan whilst away at work and when I came back, I had no messages of any detections needing to be neutralised. I brought up the Report and couldnt see any option to save it, so below is a screenshot:
http://i471.photobucket.com/albums/rr74/MaximumMayhem/untitled.gif
I am guessing that the setup file or MiRC had nastys in it. They have been manually removed by myself.
I guess with that gone, my PC should hopefully now be clean of filth right?
Next up is dealing with the Java problem which seems to be the bigger challenge!
IndiGenus
2010-03-18, 14:41
I'm fairly confident you are clean. We will just need to clean up the tools we used, but before we do that please run OTL again and post the log.
MaximumMayhem
2010-03-19, 01:22
Thanks Indi,
Here is the OTL log file:
OTL logfile created on: 18/03/2010 10:57:44 PM - Run 3
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 11.33 Gb Free Space | 15.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 27.95 Gb Total Space | 7.42 Gb Free Space | 26.55% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 2.69 Gb Free Space | 0.90% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVESBIYATCH
Current User Name: Steve
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/20 10:08:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\UMonit.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 11:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/01/16 06:54:54 | 000,037,376 | ---- | M] () -- C:\Program Files\Winamp5\winampa.exe
PRC - [2006/06/01 14:47:30 | 000,499,712 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
PRC - [2005/05/17 18:48:32 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 20:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2003/05/23 12:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/03/14 10:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
========== Modules (SafeList) ==========
MOD - [2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/02 02:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/08/04 20:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003/05/23 12:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 15:58:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/13 17:40:46 | 000,000,000 | ---D | M]
[2008/06/24 17:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2007/01/24 20:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\iycum9qa.default\extensions
[2010/03/18 04:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions
[2010/03/13 16:12:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/06/21 16:32:36 | 000,000,000 | ---D | M] (STOP! Hammertime!) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions\{f274730f-db76-4942-97ba-7984ab94f854}
[2007/01/26 16:58:21 | 000,002,392 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\all-music-guide-artist-search.xml
[2009/05/17 03:22:50 | 000,001,127 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\AllGameGuide.xml
[2007/01/26 16:57:50 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\allrecipes.xml
[2010/03/14 16:02:58 | 000,001,412 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\bittorrent.xml
[2006/10/26 02:39:21 | 000,002,214 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\cddball.xml
[2007/01/26 16:56:58 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\coveruniverse.xml
[2007/01/26 16:54:05 | 000,002,338 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ebay.xml
[2007/01/26 16:57:44 | 000,002,388 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ebaycouk.xml
[2009/07/01 22:29:01 | 000,001,157 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\freedict.xml
[2007/01/26 16:58:12 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\gracenote-cddb.xml
[2007/01/26 16:57:32 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\icq-uin-search.xml
[2007/01/26 16:56:45 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\idp-translation.xml
[2008/06/24 21:53:56 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\IMDb.xml
[2007/01/26 16:58:18 | 000,002,370 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ms-knowledge-base.xml
[2007/01/26 16:58:06 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\nslookup.xml
[2007/01/26 16:58:24 | 000,002,332 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\thesaurus.xml
[2007/01/26 16:58:00 | 000,002,340 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\wayback-machine.xml
[2007/01/26 16:53:51 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\whois-service.xml
[2008/06/24 21:53:56 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\wikipedia.xml
[2010/03/18 15:10:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/03 13:12:00 | 000,925,696 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPBOARDS.dll
[2010/03/12 14:44:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 14:44:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 14:44:00 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 14:44:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/03/03 16:37:27 | 000,381,529 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13145 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp5\winampa.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263212115312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263212104140 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 000,000,000 | RH-D | M] - G:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/01/24 19:00:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (5068516675813376)
========== Files/Folders - Created Within 14 Days ==========
[2010/03/18 15:57:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/18 05:34:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steve\Recent
[2010/03/17 02:36:29 | 067,573,464 | ---- | C] ( ) -- C:\Documents and Settings\Steve\Desktop\setup_9.0.0.722_16.03.2010_20-33.exe
[2010/03/16 11:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\VS Revo Group
[2010/03/16 11:51:47 | 006,595,320 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Steve\Desktop\RevoUninProSetup.exe
[2010/03/16 02:47:35 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Steve\Desktop\JavaRa.exe
[2010/03/15 10:14:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/15 10:05:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/15 10:00:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/15 10:00:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/15 10:00:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/15 10:00:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/15 10:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/15 09:59:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/14 16:12:21 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/03/13 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Boardmaker Saves
[2010/03/13 18:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Boardmaker with SD Pro
[2010/03/13 17:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Alcohol 120%
[2010/03/13 17:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010/03/13 16:45:18 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\HijackThis.exe
[2010/03/13 16:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Downloads
[2010/03/12 19:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\My GOLD
[2010/03/12 16:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/12 16:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/12 15:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/12 15:57:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/11 17:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Dad's Fishing 11-03-2010
[2010/03/07 16:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Polska
[2010/03/05 02:32:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/05 02:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/25 12:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/06/24 18:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/24 17:59:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/25 00:28:49 | 002,494,367 | ---- | C] (Plaino) -- C:\Program Files\FLVplayer.exe
[2007/01/27 19:06:14 | 005,689,344 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/03/18 14:57:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/18 14:57:35 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/18 14:57:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/18 14:57:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/18 05:34:48 | 031,981,568 | ---- | M] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2010/03/18 05:31:14 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/18 04:26:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve\ntuser.ini
[2010/03/18 04:26:13 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\IconCache.db
[2010/03/18 04:26:12 | 000,000,855 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/18 04:26:12 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/03/18 04:26:12 | 000,000,292 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/17 03:01:14 | 067,573,464 | ---- | M] ( ) -- C:\Documents and Settings\Steve\Desktop\setup_9.0.0.722_16.03.2010_20-33.exe
[2010/03/16 11:53:50 | 006,595,320 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Steve\Desktop\RevoUninProSetup.exe
[2010/03/16 02:47:25 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.zip
[2010/03/15 09:34:23 | 003,889,756 | R--- | M] () -- C:\Documents and Settings\Steve\Desktop\ComboFix.exe
[2010/03/14 16:13:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\fw272e53.exe
[2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/03/13 18:54:59 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\ax_files.xml
[2010/03/13 17:39:15 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/13 16:45:26 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\HijackThis.exe
[2010/03/08 14:40:49 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/16 02:47:37 | 000,245,103 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.def
[2010/03/16 02:47:24 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.zip
[2010/03/15 10:05:17 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/03/15 10:05:14 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/15 10:00:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/15 10:00:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/15 10:00:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/15 10:00:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/15 10:00:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/15 09:33:10 | 003,889,756 | R--- | C] () -- C:\Documents and Settings\Steve\Desktop\ComboFix.exe
[2010/03/14 16:13:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\fw272e53.exe
[2010/03/13 17:45:49 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\ax_files.xml
[2010/03/13 17:39:15 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/11 20:44:21 | 000,820,166 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\PeerBlock_r181__Win32_Release.zip
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/22 21:45:53 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/07/18 09:19:16 | 000,263,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/04/20 12:03:30 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\ceville_console_history.txt
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg7.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg6.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg5.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg4.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg3.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg2.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2009/03/20 00:24:12 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\IconCfg1.ini
[2008/12/13 00:48:16 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Wlf.INI
[2008/11/20 15:35:15 | 000,010,886 | R--- | C] () -- C:\WINDOWS\System32\RdCi1009.dll
[2008/10/24 19:30:32 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/10/24 19:30:32 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/10/13 14:25:55 | 000,000,223 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2008/10/08 19:24:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wldtlk37.ini
[2008/10/07 20:45:26 | 000,000,051 | ---- | C] () -- C:\WINDOWS\tlknw37.ini
[2008/10/07 20:27:47 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/02/07 21:43:17 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/11/26 13:46:14 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2007/11/13 16:32:35 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\PnkBstrK.sys
[2007/10/24 08:47:47 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/10/04 16:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/26 20:34:13 | 000,138,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/07/31 19:36:35 | 000,000,020 | ---- | C] () -- C:\WINDOWS\musicmv.INI
[2007/07/23 19:25:35 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2007/06/26 01:26:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/06/26 01:26:00 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/06/01 19:50:35 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/27 14:47:00 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/05/20 02:09:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/05/19 10:26:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/19 10:26:32 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/05/04 21:03:24 | 000,000,089 | ---- | C] () -- C:\WINDOWS\graphedt.INI
[2007/05/04 17:55:49 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/05/03 16:14:07 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/28 18:04:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/04/28 18:04:26 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/04/28 18:04:26 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/03/20 20:28:07 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/03/05 19:11:55 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2007/03/05 19:11:55 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2007/02/26 20:52:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\fusioncache.dat
[2007/01/27 20:38:42 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/26 16:04:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2007/01/25 20:33:29 | 000,001,390 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2007/01/25 20:33:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2007/01/25 20:33:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2007/01/24 19:41:09 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007/01/24 19:41:02 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
========== LOP Check ==========
[2008/08/18 11:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2009/09/19 14:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/04/18 15:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/10/30 21:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/03 01:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/21 15:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
[2007/06/02 20:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/09/12 16:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/17 16:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/28 17:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Activision
[2007/08/05 01:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\ArtificialStudios
[2007/09/09 17:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Bioshock
[2009/10/01 04:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\bitolithic
[2007/03/21 17:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\CD-LabelPrint
[2009/10/01 16:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\cYo
[2009/07/25 12:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\dBpoweramp
[2007/08/08 16:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\GanymedeNet
[2009/04/01 13:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\id Software
[2010/02/08 00:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Internode
[2008/01/07 19:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Leadertech
[2009/07/10 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\LucasArts
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\NCH Swift Sound
[2008/01/19 16:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Orbit
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Recordpad
[2007/09/16 00:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Softland
[2010/02/19 13:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony
[2008/10/02 16:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony Setup
[2008/09/19 19:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SPORE
[2008/09/04 11:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SPORE Creature Creator
[2007/03/05 15:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SumatraPDF
[2009/08/18 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\System Requirements Lab BETA
[2009/08/28 14:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SystemRequirementsLab
[2008/05/16 15:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Teleca
[2009/09/19 14:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Uniblue
[2008/11/17 19:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Search
[2009/07/22 13:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\XLink Kai
[2009/08/24 19:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\yoclient
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2005/03/14 17:05:08 | 000,091,776 | R--- | M] (NVIDIA Corporation) MD5=52CAB126C3ED5B851FB80EBA0BEA5C4E -- C:\WINDOWS\system32\drivers\nvatabus.sys
< MD5 for: SCECLI.DLL >
[2004/08/04 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
========== Files - Unicode (All) ==========
[2010/02/09 16:38:17 | 000,000,081 | ---- | M] ()(C:\Documents and Settings\Steve\Desktop\Xbox C4 ???????? ???????????????? ???????????.URL) -- C:\Documents and Settings\Steve\Desktop\Xbox C4 ロストプラネット エクストリームコンディション攻略 ターゲットマークの配置.URL
[2010/02/09 16:38:17 | 000,000,081 | ---- | C] ()(C:\Documents and Settings\Steve\Desktop\Xbox C4 ???????? ???????????????? ???????????.URL) -- C:\Documents and Settings\Steve\Desktop\Xbox C4 ロストプラネット エクストリームコンディション攻略 ターゲットマークの配置.URL
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54
< End of report >
IndiGenus
2010-03-19, 03:18
Some Java "scraps" in there. We can use OTL to clean them out.
Run OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
:Commands
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log.
You should also make sure the following folder is not there. If it is delete it.
C:\Program Files\Java
MaximumMayhem
2010-03-19, 19:41
Done & done Indi. Here is the latest OTL log file for your perusal. Thanks again. I really appreciate your time.
OTL logfile created on: 20/03/2010 1:23:27 AM - Run 4
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 11.25 Gb Free Space | 15.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 27.95 Gb Total Space | 7.42 Gb Free Space | 26.55% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 2.69 Gb Free Space | 0.90% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVESBIYATCH
Current User Name: Steve
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/20 10:08:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\UMonit.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 11:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/01/16 06:54:54 | 000,037,376 | ---- | M] () -- C:\Program Files\Winamp5\winampa.exe
PRC - [2006/06/01 14:47:30 | 000,499,712 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
PRC - [2005/05/17 18:48:32 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 20:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2003/05/23 12:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/03/14 10:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
========== Modules (SafeList) ==========
MOD - [2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/02 02:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2008/04/14 08:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/08/04 20:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003/05/23 12:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 15:58:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/13 17:40:46 | 000,000,000 | ---D | M]
[2008/06/24 17:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2007/01/24 20:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\iycum9qa.default\extensions
[2010/03/19 07:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions
[2010/03/13 16:12:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/06/21 16:32:36 | 000,000,000 | ---D | M] (STOP! Hammertime!) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions\{f274730f-db76-4942-97ba-7984ab94f854}
[2007/01/26 16:58:21 | 000,002,392 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\all-music-guide-artist-search.xml
[2009/05/17 03:22:50 | 000,001,127 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\AllGameGuide.xml
[2007/01/26 16:57:50 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\allrecipes.xml
[2010/03/14 16:02:58 | 000,001,412 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\bittorrent.xml
[2006/10/26 02:39:21 | 000,002,214 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\cddball.xml
[2007/01/26 16:56:58 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\coveruniverse.xml
[2007/01/26 16:54:05 | 000,002,338 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ebay.xml
[2007/01/26 16:57:44 | 000,002,388 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ebaycouk.xml
[2009/07/01 22:29:01 | 000,001,157 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\freedict.xml
[2007/01/26 16:58:12 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\gracenote-cddb.xml
[2007/01/26 16:57:32 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\icq-uin-search.xml
[2007/01/26 16:56:45 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\idp-translation.xml
[2008/06/24 21:53:56 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\IMDb.xml
[2007/01/26 16:58:18 | 000,002,370 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ms-knowledge-base.xml
[2007/01/26 16:58:06 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\nslookup.xml
[2007/01/26 16:58:24 | 000,002,332 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\thesaurus.xml
[2007/01/26 16:58:00 | 000,002,340 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\wayback-machine.xml
[2007/01/26 16:53:51 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\whois-service.xml
[2008/06/24 21:53:56 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\wikipedia.xml
[2010/03/19 07:30:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/03 13:12:00 | 000,925,696 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPBOARDS.dll
[2010/03/12 14:44:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 14:44:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 14:44:00 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 14:44:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/03/03 16:37:27 | 000,381,529 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13145 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp5\winampa.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263212115312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263212104140 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 000,000,000 | RH-D | M] - G:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010/03/19 18:15:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/19 08:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\iPhone Photos
[2010/03/18 15:57:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/18 05:34:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steve\Recent
[2010/03/17 02:36:29 | 067,573,464 | ---- | C] ( ) -- C:\Documents and Settings\Steve\Desktop\setup_9.0.0.722_16.03.2010_20-33.exe
[2010/03/16 11:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\VS Revo Group
[2010/03/16 11:51:47 | 006,595,320 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Steve\Desktop\RevoUninProSetup.exe
[2010/03/16 02:47:35 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Steve\Desktop\JavaRa.exe
[2010/03/15 10:14:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/15 10:05:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/15 10:00:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/15 10:00:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/15 10:00:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/15 10:00:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/15 10:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/15 09:59:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/14 16:12:21 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/03/13 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Boardmaker Saves
[2010/03/13 18:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Boardmaker with SD Pro
[2010/03/13 17:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Alcohol 120%
[2010/03/13 17:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010/03/13 16:45:18 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\HijackThis.exe
[2010/03/13 16:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Downloads
[2010/03/12 19:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\My GOLD
[2010/03/12 16:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/12 16:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/12 15:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/12 15:57:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/11 20:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Peer Block
[2010/03/11 17:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Dad's Fishing 11-03-2010
[2010/03/07 16:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Polska
[2010/03/05 02:32:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/05 02:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/25 12:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/06/24 18:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/24 17:59:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/25 00:28:49 | 002,494,367 | ---- | C] (Plaino) -- C:\Program Files\FLVplayer.exe
[2007/01/27 19:06:14 | 005,689,344 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe
========== Files - Modified Within 14 Days ==========
[2010/03/19 22:09:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/19 22:08:44 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/19 22:08:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/19 22:08:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/19 18:18:23 | 031,981,568 | ---- | M] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2010/03/19 18:18:15 | 003,230,088 | -H-- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\IconCache.db
[2010/03/18 05:31:14 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/18 04:26:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve\ntuser.ini
[2010/03/18 04:26:12 | 000,000,855 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/18 04:26:12 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/03/18 04:26:12 | 000,000,292 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/17 03:01:14 | 067,573,464 | ---- | M] ( ) -- C:\Documents and Settings\Steve\Desktop\setup_9.0.0.722_16.03.2010_20-33.exe
[2010/03/16 11:53:50 | 006,595,320 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Steve\Desktop\RevoUninProSetup.exe
[2010/03/16 02:47:25 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.zip
[2010/03/15 09:34:23 | 003,889,756 | R--- | M] () -- C:\Documents and Settings\Steve\Desktop\ComboFix.exe
[2010/03/14 16:13:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\fw272e53.exe
[2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/03/13 18:54:59 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\ax_files.xml
[2010/03/13 17:39:15 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/13 16:45:26 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\HijackThis.exe
[2010/03/11 20:44:35 | 000,820,166 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\PeerBlock_r181__Win32_Release.zip
[2010/03/08 14:40:49 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
========== Files Created - No Company Name ==========
[2010/03/16 02:47:37 | 000,245,103 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.def
[2010/03/16 02:47:24 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.zip
[2010/03/15 10:05:17 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/03/15 10:05:14 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/15 10:00:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/15 10:00:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/15 10:00:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/15 10:00:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/15 10:00:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/15 09:33:10 | 003,889,756 | R--- | C] () -- C:\Documents and Settings\Steve\Desktop\ComboFix.exe
[2010/03/14 16:13:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\fw272e53.exe
[2010/03/13 17:45:49 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\ax_files.xml
[2010/03/13 17:39:15 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/11 20:44:21 | 000,820,166 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\PeerBlock_r181__Win32_Release.zip
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/22 21:45:53 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/07/18 09:19:16 | 000,263,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/04/20 12:03:30 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\ceville_console_history.txt
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg7.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg6.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg5.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg4.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg3.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg2.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2009/03/20 00:24:12 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\IconCfg1.ini
[2008/12/13 00:48:16 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Wlf.INI
[2008/11/20 15:35:15 | 000,010,886 | R--- | C] () -- C:\WINDOWS\System32\RdCi1009.dll
[2008/10/24 19:30:32 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/10/24 19:30:32 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/10/13 14:25:55 | 000,000,223 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2008/10/08 19:24:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wldtlk37.ini
[2008/10/07 20:45:26 | 000,000,051 | ---- | C] () -- C:\WINDOWS\tlknw37.ini
[2008/10/07 20:27:47 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/02/07 21:43:17 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/11/26 13:46:14 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2007/11/13 16:32:35 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\PnkBstrK.sys
[2007/10/24 08:47:47 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/10/04 16:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/26 20:34:13 | 000,138,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/07/31 19:36:35 | 000,000,020 | ---- | C] () -- C:\WINDOWS\musicmv.INI
[2007/07/23 19:25:35 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2007/06/26 01:26:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/06/26 01:26:00 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/06/01 19:50:35 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/27 14:47:00 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/05/20 02:09:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/05/19 10:26:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/19 10:26:32 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/05/04 21:03:24 | 000,000,089 | ---- | C] () -- C:\WINDOWS\graphedt.INI
[2007/05/04 17:55:49 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/05/03 16:14:07 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/28 18:04:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/04/28 18:04:26 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/04/28 18:04:26 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/03/20 20:28:07 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/03/05 19:11:55 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2007/03/05 19:11:55 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2007/02/26 20:52:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\fusioncache.dat
[2007/01/27 20:38:42 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/26 16:04:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2007/01/25 20:33:29 | 000,001,390 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2007/01/25 20:33:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2007/01/25 20:33:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2007/01/24 19:41:09 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007/01/24 19:41:02 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
========== LOP Check ==========
[2008/08/18 11:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2009/09/19 14:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/04/18 15:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/10/30 21:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/03 01:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/21 15:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
[2007/06/02 20:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/09/12 16:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/17 16:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/28 17:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Activision
[2007/08/05 01:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\ArtificialStudios
[2007/09/09 17:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Bioshock
[2009/10/01 04:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\bitolithic
[2007/03/21 17:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\CD-LabelPrint
[2009/10/01 16:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\cYo
[2009/07/25 12:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\dBpoweramp
[2007/08/08 16:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\GanymedeNet
[2009/04/01 13:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\id Software
[2010/02/08 00:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Internode
[2008/01/07 19:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Leadertech
[2009/07/10 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\LucasArts
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\NCH Swift Sound
[2008/01/19 16:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Orbit
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Recordpad
[2007/09/16 00:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Softland
[2010/02/19 13:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony
[2008/10/02 16:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony Setup
[2008/09/19 19:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SPORE
[2008/09/04 11:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SPORE Creature Creator
[2007/03/05 15:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SumatraPDF
[2009/08/18 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\System Requirements Lab BETA
[2009/08/28 14:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SystemRequirementsLab
[2008/05/16 15:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Teleca
[2009/09/19 14:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Uniblue
[2008/11/17 19:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Search
[2009/07/22 13:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\XLink Kai
[2009/08/24 19:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\yoclient
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2005/03/14 17:05:08 | 000,091,776 | R--- | M] (NVIDIA Corporation) MD5=52CAB126C3ED5B851FB80EBA0BEA5C4E -- C:\WINDOWS\system32\drivers\nvatabus.sys
< MD5 for: SCECLI.DLL >
[2004/08/04 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
========== Files - Unicode (All) ==========
[2010/02/09 16:38:17 | 000,000,081 | ---- | M] ()(C:\Documents and Settings\Steve\Desktop\Xbox C4 ???????? ???????????????? ???????????.URL) -- C:\Documents and Settings\Steve\Desktop\Xbox C4 ロストプラネット エクストリームコンディション攻略 ターゲットマークの配置.URL
[2010/02/09 16:38:17 | 000,000,081 | ---- | C] ()(C:\Documents and Settings\Steve\Desktop\Xbox C4 ???????? ???????????????? ???????????.URL) -- C:\Documents and Settings\Steve\Desktop\Xbox C4 ロストプラネット エクストリームコンディション攻略 ターゲットマークの配置.URL
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54
< End of report >
IndiGenus
2010-03-19, 19:45
Hi,
Okay, I think we can clean up our tools.
Uninstall Combofix
Click START then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
The above procedure will:
Delete the following: ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.
+++++++++++++++++++++
Make sure you have an Internet Connection.
Run OTL.
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTM to rech the Internet, please allow the application to do so.
Click Yes to beging the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
+++++++++++++++++++++++++
Have you tried installing Java since running OTL this last time? If not then try. And have you tried both the online and offline installers?
MaximumMayhem
2010-03-20, 07:19
Hi Indi. Both OTL and Cobmofix have been successfully removed. I have since tried installing the Java JRE and get the same problem. If I use the offline installler, I double click the setup executable and get a cursor hourglass up for one second and then nothing. If I use the online variant, I get the following error:
http://i471.photobucket.com/albums/rr74/MaximumMayhem/javaerror.gif
So unfortunately, we're still at a dead end with this one.
IndiGenus
2010-03-20, 23:59
Hi,
I've done a bit of research and have seen some others with the same issue, but haven't really found a solid fix. Most point to a Firewall blocking the install, which is possible, though I doubt it, as it's only the XP Firewall you have running....you could try disabling it and see what happens (temporarily of course).
Now that you're clean I would suggest you post over at one of the other forums. There are many good ones but GeeksToGo is pretty active and they have some great techs over there. I would suggest you post the issue in the following forum.
http://www.geekstogo.com/forum/Applications-f12.html
Drop a link to back here to let them know what we've been up to and what we've tried. That should also confirm to them you're clean.
Let me know how you make out and I'll keep looking into it also and post back if I find anything.
MaximumMayhem
2010-03-21, 05:23
Thanks very much Indi, I will do just that ;)
Thanks so much for putting so much time and effort into helping me. I really appreciate it. You guys and girls are truly amazing! :thanks: